+ Message Security Vulnerabilities

CVE-2024-34696

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

Exploit for CVE-2024-34102

CosmicSting: critical unauthenticated XXE vulnerability in...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-39318, CVE-2023-39321, CVE-2023-39319,...

[SECURITY] [DLA 3855-1] pdns-recursor security update

Debian LTS Advisory DLA-3855-1 [email protected] https://www.debian.org/lts/security/ ; Daniel Leidert July 01, 2024 https://wiki.debian.org/LTS Package : pdns-recursor Version : 4.1.11-1+deb10u2 CVE...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1850)

The remote host is missing an update for the Huawei...

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser.....

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1864)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1862)

The remote host is missing an update for the Huawei...

FreeBSD-SA-24:04.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

SUSE: Security Advisory (SUSE-SU-2024:2245-1)

The remote host is missing an update for...

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50953 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

Exploit for CVE-2024-34102

CVE-2024-34102 Usage ```bash python3 CVE-2024-34102.py...

CVE-2024-35119 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found...

Debian dla-3849 : emacs - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3849 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3849-1 [email protected] ...

SUSE SLES15 Security Update : frr (SUSE-SU-2024:2245-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2245-1 advisory. - CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900) - CVE-2023-47235: Fixed a crash on.....

Debian dla-3848 : elpa-org - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3848 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3848-1 [email protected] ...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper error handling (CVE-2023-50953)

Summary An improper error handling vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50953 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information (CVE-2024-35119)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35119 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical...

CVE-2024-39828

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on...

CVE-2024-39828

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...

CVE-2024-35156

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35156

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35155

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35155

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35156 IBM MQ information disclosure

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35155 IBM MQ information disclosure

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

runc vulnerable to container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

runc vulnerable to container breakout through process.cwd trickery and leaked fds in...

Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker

Moby (Docker Engine) Insufficiently restricted permissions on data directory in...

Grafana information disclosure in github.com/grafana/grafana

Grafana information disclosure in...

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...

Updated erofs-utils packages fix security vulnerabilities

Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem...

Updated libopenmpt packages fix security vulnerabilities

Possible out-of-bounds read or write when reading malformed MED files. (r19389). [Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338). Write buffer overflow when reading unseekable files...