AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,NetEngine16EX,SRG1300,SRG2300,SRG3300 Security Vulnerabilities

Security Bulletin: IBM Sterling B2B Integrator - The Document Service Container in IBM Sterling B2B Integrator is vulnerable to denial of service due to jackson-core (256137)

Summary The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core (256137). IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin. Vulnerability Details ** IBM X-Force ID: 256137 ...

Security Bulletin: A vulnerability in Apache Xerces C++ XML parser may affect IBM Storage Protect HSM for Windows

Summary IBM Storage Protect HSM for Windows can be affected by a security flaw in Apache Xerces C++ XML parser. The flaw can lead to arbitrary code execution, as described in the "Vulnerability Details" section. CVE-2024-23807. Vulnerability Details ** CVEID: CVE-2024-23807 DESCRIPTION: **Apache...

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2014-3643 DESCRIPTION: **Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM...

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker (CVE-2024-29857, CVE-2024-30171 & CVE-2024-30172)

Summary IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details ** CVEID: CVE-2023-6004 DESCRIPTION: **libssh could allow a local...

Security Bulletin: IBM Maximo Application Suite uses jose-2.0.6.tgz which is vulnerable to CVE-2024-28176.

Summary Security Bulletin: IBM Maximo Application Suite uses jose-2.0.6.tgz which is vulnerable to CVE-2024-28176. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-28176 DESCRIPTION: **Node.js jose module is vulnerable to a...

Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849

Summary IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a...

Exploit for CVE-2023-38831

💥 WinRAR 漏洞说明（CVE-2023-38831） ...

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

RHEL 8 : firefox (RHSA-2024:3952)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

RHEL 8 : flatpak (RHSA-2024:3961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Ubuntu: Security Advisory (USN-6818-3)

The remote host is missing an update for...

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:2039-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2039-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has...

SUSE SLES15 / openSUSE 15 Security Update : booth (SUSE-SU-2024:2040-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2040-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server....

RHEL 7 : linux-firmware (RHSA-2024:3939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...

RHEL 9 : firefox (RHSA-2024:3958)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3958 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

RHEL 9 : firefox (RHSA-2024:3955)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3955 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

RHEL 8 : firefox (RHSA-2024:3953)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...

RHEL 8 : flatpak (RHSA-2024:3962)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Mageia: Security Advisory (MGASA-2024-0221)

The remote host is missing an update for...

Fedora: Security Advisory for booth (FEDORA-2024-8a545718b1)

The remote host is missing an update for...

RHEL 7 : firefox (RHSA-2024:3951)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

RHEL 8 : firefox (RHSA-2024:3950)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3950 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

Mageia: Security Advisory (MGASA-2024-0222)

The remote host is missing an update for...

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

Mageia: Security Advisory (MGASA-2024-0219)

The remote host is missing an update for...

RHEL 9 : flatpak (RHSA-2024:3959)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Mageia: Security Advisory (MGASA-2024-0224)

The remote host is missing an update for...

XAMPP <= 7.3.2 DoS Vulnerability

XAMPP is prone to a denial of service (DoS)...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...

RHEL 8 : firefox (RHSA-2024:3954)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3954 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

Mageia: Security Advisory (MGASA-2024-0223)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

Mozilla Thunderbird Security Update (mfsa_2024-28) - Mac OS X

Mozilla Thunderbird is prone to multiple ...

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:2038-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2038-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...

Microsoft Edge (Chromium-Based) Multiple Spoofing Vulnerabilities - Jun24

Microsoft Edge (Chromium-Based) is prone to multiple spoofing...

Fedora: Security Advisory for thunderbird (FEDORA-2024-748bedc96c)

The remote host is missing an update for...

RHEL 9 : flatpak (RHSA-2024:3960)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...

RHEL 9 : firefox (RHSA-2024:3949)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3949 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

Mozilla Thunderbird Security Update (mfsa_2024-28) - Windows

Mozilla Thunderbird is prone to multiple ...

RHEL 8 : flatpak (RHSA-2024:3963)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3963 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Ivanti Endpoint Manager < 2022 (CVE-2024-22058)

The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...