ESET, Spol. S R.o. Security Vulnerabilities

(RHSA-2024:3261) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

(RHSA-2024:3062) Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...

(RHSA-2024:2953) Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack...

s-promotion.de Cross Site Scripting vulnerability OBB-3832022

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

(RHSA-2024:2910) Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...

Low: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fix(es): Mozilla: Denial of Service using HTTP/2 CONTINUATION frames (CVE-2024-3302) For more details about the security issue(s), including the impact, a CVSS score,...

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-2650. Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION:...

Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fix(es): PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE...

CVE-2024-5050

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated.....

K000139616: MySQL vulnerability CVE-2024-21051

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

K000139615: Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

(RHSA-2024:2793) Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) For more details about the...

Exploit for CVE-2024-24919

Check point:CVE-2024-24919 ...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox: Potential...

tls-listener affected by the slow loris vulnerability with default configuration

Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new() vulnerable to a slow-loris DoS attack. rust /// Default...

(RHSA-2024:2843) Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

CVE-2022-39197-RCE First This project was modified from...

Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.

Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details ** CVEID: CVE-2023-5408 DESCRIPTION: **OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

CVE-2022-41340

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature...

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

Heap Based Buffer Overflow

qemu is vulnerable to a heap-based buffer overflow. The vulnerability is due to insufficient bounds checking in the SDHCI device emulation code of QEMU, when both s->data_count and the size of s->fifo_buffer are set to 0x200, allows a malicious guest to crash the QEMU process on the host,...

CVE-2023-2816

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

CVE-2022-1388 A remote code execution vulnerability...

CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME...

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH...

Exploit for Uncontrolled Resource Consumption in Apache Log4J

CVE-2021-44228-Log4Shell-Hashes Hashes for vulnerable LOG4J...

(RHSA-2024:3411) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

CVE-2023-52868

In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev-&gt;id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will...

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory (OOM)...

CVE-2023-52868

In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev-&gt;id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will...

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. Notes Author| Note ---|--- sbeattie | QUIC support was added in nginx...

CVE-2024-4139

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

(RHSA-2024:2952) Moderate: resource-agents security and bug fix update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

(RHSA-2024:2911) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

(RHSA-2024:2904) Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

Moderate: apr security update

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es): apr: integer overflow/wraparound in apr_encode (CVE-2022-24963) For more details about the security...

(RHSA-2024:2820) Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish: HTTP/2 Broken Window Attack may result in denial of service...

Apache Struts2 S2-053 - Remote Code Execution

Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

CVE-2022-35652

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this.....

K000139573: node.js vulnerability CVE-2024-22017

Security Advisory Description setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects.....