1756-EN2TRK Series A, B Security Vulnerabilities

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

Rockwell Studio 5000 Logix Designer < V34 Code Hiding

The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Fuji Electric Alpha5 C5V File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5 Smart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

VSS Snapshot Creation Delay on Server with DFSR Enabled

When preparing the DFS VSS writer for backup, the Veeam Agent gets into a recursion while checking the files in the scope of the DFS...

Ubuntu: Security Advisory (USN-6803-1)

The remote host is missing an update for...

How to Configure PXE Booting of Veeam Agent for Linux Recovery Media

This article documents how to configure Linux to PXE boot the Veeam Agent for Linux Recovery Media over a...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2024-036)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-036 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive ...

Amazon Linux 2 : tigervnc (ALAS-2024-2558)

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2558 advisory. A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GNU C Library vulnerabilities (USN-6804-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6804-1 advisory. It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local.....

Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2.....

Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD.....

Amazon Linux 2 : kernel (ALAS-2024-2560)

The version of kernel installed on the remote host is prior to 4.14.158-129.185. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2560 advisory. The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-068)

The version of kernel installed on the remote host is prior to 5.4.271-184.369. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-068 advisory. In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in ...

Amazon Linux 2 : git (ALAS-2024-2548)

The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2548 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...

Cisco Firepower Threat Defense Software Snort 3 HTTP Intrusion Prevention System Rule Bypass (cisco-sa-snort3-ips-bypass-uE69KBMd)

According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

CVE-2024-5493

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser....

CVE-2024-36026

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 While doing multiple S4 stress tests, GC/RLC/PMFW get into an invalid state resulting into hard hangs. Adding a GFX reset as workaround just before sending the MP1_UNLOAD...

CVE-2024-36017

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct...

BWL Advanced FAQ Manager 2.0.3 SQL Injection

...

iMLog Cross Site Scripting

...

Amazon Linux 2 : golist (ALAS-2024-2556)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2556 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...

Lexmark CX331adwe Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /usr/bin/hydra service, which listens on TCP port 9100 by...

TeamCity Server Multiple Vulnerabilities (CVE-2024-36362 / CVE-2024-36365)

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2, prior to 2023.11.5, prior to 2023.5.6, prior to 2022.10.6, prior to 2022.04.7. It is, therefore, affected by multiple vulnerabilities: Path traversal...

Progress WhatsUp Gold < 23.1.2 Multiple Vulnerabilities (000255428)

The version of Progress WhatsUp Gold installed on the remote host is prior to 23.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 000255428 advisory. In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in Whatsup Gold's ...

Amazon Linux 2 : hsqldb (ALAS-2024-2557)

The version of hsqldb installed on the remote host is prior to 1.8.1.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2557 advisory. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script file with a SCRIPT...

GNOME Shell < 45.7 Code Execution in Portal Helper (CVE-2024-36472)

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...

changedetection 0.45.20 Remote Code Execution

...

Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-011)

The version of python38 installed on the remote host is prior to 3.8.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2024-011 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13,...

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Canon imageCLASS MF753Cdw setResource Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper.....

Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF.....

Contact Form 7 Plugin for WordPress < 5.9.2 Cross-Site Scripting

The WordPress Contact Form 7 Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2.....

changedetection &lt; 0.45.20 - Remote Code Execution (RCE)

...

CVE-2024-36882

In the Linux kernel, the following vulnerability has been resolved: mm: use memalloc_nofs_save() in page_cache_ra_order() See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a...

CVE-2024-36889

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 ...

CVE-2024-5494

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

CVE-2024-36883

In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....

CVE-2024-36031

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set...

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

Fuji Electric Monitouch V-SFT V9C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

...

Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP...

Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities

Nginx is prone to multiple HTTP/3...

Fuji Electric Alpha5 C5V File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5 Smart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...