APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) Security Vulnerabilities

Malicious code in gradient-tiny (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (072e069157bae3a21204a965538030cd1d107c5a79c9574cc9b663c06225b36a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[SECURITY] Fedora 40 Update: moodle-4.3.5-1.fc40

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning...

CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

[SECURITY] Fedora 39 Update: moodle-4.3.5-1.fc39

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-35155)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID: CVE-2024-35155 DESCRIPTION: IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

Security Bulletin: IBM MQ is affected by a password disclosure vulnerability (CVE-2024-35156)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ REST API. Vulnerability Details CVEID: CVE-2024-35156 DESCRIPTION: IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID: CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request,.....

Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2024-21085)

Summary An issue was identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID: CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low...

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID: CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)

Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID: CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID: CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

UNKNOWN READ in spvtools::disassemble::InstructionDisassembler::EmitInstruction

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69804 Crash type: UNKNOWN READ Crash state: spvtools::disassemble::InstructionDisassembler::EmitInstruction spvtools::DisassembleInstruction...

Ubuntu 14.04 LTS : SQLite vulnerability (USN-5615-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5615-3 advisory. USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory...

Debian dsa-5723 : libcolorcorrect5 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5723 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5723-1 [email protected] ...

ROS-20240627-06

A vulnerability in the Calendar component of cloud storage creation and utilization software Nextcloud Server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Vulnerability in the 2FA component.....

Ubuntu: Security Advisory (USN-6854-1)

The remote host is missing an update for...

Ubuntu 22.04 LTS : OpenSSL vulnerability (USN-6854-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6854-1 advisory. It was discovered that OpenSSL failed to choose an appropriately short private key size when computing shared-secrets in the Diffie-Hellman Key Agreement...

Fedora: Security Advisory for moodle (FEDORA-2024-9df8ef935b)

The remote host is missing an update for...

OpenSSL Buffer Overread Vulnerability (20240627) - Windows

OpenSSL is prone to a buffer overread...

Node.js Multiple Vulnerabilities (Jul 2024) - Windows

Node.js is prone to multiple...

GitLab 9.2 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1493)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing...

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD Privilege Escalation (7158072)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158072 advisory. IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. (CVE-2024-31912) Note that...

GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4901)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS ...

GitLab 16.1 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4011)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows...

Debian dla-3841 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3841-1 [email protected] ...

Microsoft Edge (Chromium) < 126.0.2592.81 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.81. It is, therefore, affected by multiple vulnerabilities as referenced in the June 27, 2024 advisory. Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to...

IBM MQ 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157976)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7157976 advisory. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service,...

Ubuntu: Security Advisory (USN-6843-1)

The remote host is missing an update for...

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95943)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95943 advisory. Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform...

Ubuntu: Security Advisory (USN-6852-1)

The remote host is missing an update for...

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95974)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95974 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...

Ubuntu: Security Advisory (USN-6853-1)

The remote host is missing an update for...

IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.4 CD (7158057)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158057 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can...

OpenSSL 3.3.0 < 3.3.2 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.3.2. It is, therefore, affected by a vulnerability as referenced in the 3.3.2 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...

Important: pki-core security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) For more details about the security issue(s), including the impact, a CVSS score,...

Atlassian Confluence 1.0.1 < 7.19.24 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-95973)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95973 advisory. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on...

Ubuntu: Security Advisory (USN-6850-1)

The remote host is missing an update for...

pki-core security update

[11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass...

OpenSSL 1.0.2 < 1.0.2zk Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash...

CVE-2024-36074

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint...

Debian dla-3840 : hyperv-daemons - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3840 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3840-1 [email protected] ...

The Windows Registry Adventure #3: Learning resources

Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......

IBM MQ DoS (7157979)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157979 advisory. IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used....

GitLab 12.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an...

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

Ubuntu: Security Advisory (USN-6851-1)

The remote host is missing an update for...