AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,NetEngine16EX,SRG1300,SRG2300,SRG3300 Security Vulnerabilities

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Celebrating Excellence: Joanne Guariglia and Kelly Hiscoe Recognized as CRN's 2024 Women of the Channel

We are thrilled to announce that two of our exceptional team members, Joanne Guariglia and Kelly Hiscoe, have been recognized as CRN's 2024 Women of the Channel. This recognition celebrates the achievements and leadership of women within the channel community, and we are incredibly proud to see...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

(RHSA-2024:3501) Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

(RHSA-2024:3500) Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

(RHSA-2024:3497) Important: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234) edk2: Buffer...

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...

CVE-2024-3583

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Supply Chain Attack against Courtroom Software

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode...

CVE-2024-3583 Simple Like Page Plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

The Ticketmaster &#8220;breach&#8221;—what you need to know

Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users. The data was offered for sale on one forum under the name "Shiny Hunters". ShinyHunters is the online handle for.....

CVE-2024-35200

A flaw was found in NGINX. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause the NGINX worker processes to...

CVE-2024-34161

A flaw was found in NGINX. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause the NGINX worker processes to leak previously.....

CVE-2024-31079

A flaw was found in NGINX. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impacts. This attack requires that a request be timed specifically during the connection-draining....

CVE-2024-32760

A flaw was found in NGINX. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause the NGINX worker processes to terminate or cause other potential...

(RHSA-2024:3486) Moderate: gdisk security update

The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master....

(RHSA-2024:3351) Moderate: OpenShift Container Platform 4.12.58 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.58. See the following advisory for the container...

(RHSA-2024:3349) Moderate: OpenShift Container Platform 4.12.58 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.58. See the following advisory for the RPM...

(RHSA-2024:3483) Moderate: Red Hat Ansible Automation Platform 2.4 Container Security and Bug Fix Update

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...

Symfony XXE security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Symfony XXE security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

(RHSA-2024:3331) Important: OpenShift Container Platform 4.14.27 bug fix and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.27. See the following advisory for the RPM...

SUSE: Security Advisory (SUSE-SU-2024:1846-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1716)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1720)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1732)

The remote host is missing an update for the Huawei...

Ubuntu: Security Advisory (USN-6798-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1722)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1756)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1748)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1737)

The remote host is missing an update for the Huawei...

Akaunting 3.1.8 Server-Side Template Injection

...

Ubuntu: Security Advisory (USN-6801-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1781)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-1778)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1760)

The remote host is missing an update for the Huawei...

SUSE SLES15 Security Update : gdk-pixbuf (SUSE-SU-2024:1842-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1842-1 advisory. - CVE-2022-48622: Fixed files rejection with multiple anih chunks (bsc#1219276). Tenable has extracted the preceding description block...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:1833-1)

The remote host is missing an update for...

SUSE SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2024:0461-2)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0461-2 advisory. - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). Tenable has extracted the preceding description block...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:1808-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1808-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Tenable has...

SUSE SLES12 Security Update : python3 (SUSE-SU-2024:1843-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1843-1 advisory. - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). Tenable has extracted the preceding...

RHEL 9 : less (RHSA-2024:3513)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3513 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does...

Oracle Linux 8 : git-lfs (ELSA-2024-3346)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3346 advisory. [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves:...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1741)

The remote host is missing an update for the Huawei...

Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

RHEL 8 : OpenShift Container Platform 4.12.58 (RHSA-2024:3351)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3351 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1763)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1769)

The remote host is missing an update for the Huawei...