3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

Exploit for Vulnerability in Microsoft

Gerenciamento da implantação de alterações de associação de...

jeu-de-puzzle.net Cross Site Scripting vulnerability OBB-3927632

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

BypassFuzzer - Fuzz 401/403/404 Pages For Bypasses

The original 403fuzzer.py :) Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACL's or URL validation. It will output the response codes and length for each request, in a nicely organized, color coded way so.....

Exploit for Vulnerability in Reportlab

CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY...

Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

RHEL 6 : chromium-browser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chromium-browser: Heap buffer overflow in clipboard (CVE-2020-16025) chromium-browser: Out of bounds...

RHEL 7 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c (CVE-2019-15505) kernel: lack...

RHEL 5 : xsa240_xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240) (CVE-2017-15595) Note that Nessus has not...

RHEL 6 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

RHEL 5 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...

RHEL 6 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: XML External Entity in XML...

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Stack-based buffer overflow in...

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: request mixup (CVE-2022-25762) When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80...

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

RHEL 6 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) firefox: arbitrary...

RHEL 5 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

RHEL 7 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) firefox: arbitrary...

RHEL 8 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: mixed content warning is not displayed when HTTPS page loads a favicon over HTTP...

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage (LFS) replaces large files such as audio samples,...

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) golang: net/http/cookiejar:...

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

golang security update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

watchband24.de Cross Site Scripting vulnerability OBB-3927281

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Improper Preservation of Permissions in Mobyproject Moby

CVE-2021-41091 Un bug en Moby (Docker Engine) permite a...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse....

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 159 vulnerabilities disclosed in 141...

How to Create Collaboration and Shared Goals with IT and Security Teams

In today’s ITSM landscape, merging IT operations and security practices is no longer “ideal”, but imperative. According to a recent Gartner® Board of Directors Survey 1, 88% of respondents indicated that their organization perceives cybersecurity as a business risk. This was up from 58% in 2016,...

(RHSA-2024:2799) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...

RHEL 8 : glibc (RHSA-2024:2799)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2799 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when...

Microsoft PlayReady Complete Client Identity Compromise

...

AlmaLinux 8 : glibc (ALSA-2024:2722)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...

Oracle Linux 8 : glibc (ELSA-2024-2722)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to...

Rocky Linux 8 : glibc (RLSA-2024:2722)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...

Openmediavault Remote Code Execution / Local Privilege Escalation

...

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...

Exploit for Expression Language Injection in Vmware Spring Cloud Function

CVE-2022-22963 En las versiones 3.1.6, 3.2.2 y versiones...

glibc security update

[2.28-236.0.1.13] - Forward port of Oracle patches. Reviewed-by: Jose E....

Ubuntu: Security Advisory (USN-6766-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6765-1)

The remote host is missing an update for...

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....

(RHSA-2024:2724) Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...