Ad Directory & Listings By AWP Classifieds Security Vulnerabilities

zergdir.com Cross Site Scripting vulnerability OBB-3931853

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

insuedthueringen.de Cross Site Scripting vulnerability OBB-3931834

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

houseofhackney.com Cross Site Scripting vulnerability OBB-3931833

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

filmfestival-goeast.de Cross Site Scripting vulnerability OBB-3931831

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

exportersindia.com Cross Site Scripting vulnerability OBB-3931830

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

avise.org Cross Site Scripting vulnerability OBB-3931825

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

beroeinc.com Cross Site Scripting vulnerability OBB-3931826

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dshop.dietshin.com Cross Site Scripting vulnerability OBB-3931824

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 274 Vulnerability Details ** CVEID: CVE-2022-40897 DESCRIPTION: **Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a...

IP Address Spoofing

Symfony is vulnerable to IP Address Spoofing The vulnerability is due to the potential manipulation of client IP addresses returned by the Request::getClientIp() method for sensitive decisions. It allows malicious actors to manipulate or spoof their IP...

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...

CVE-2024-3924

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-37018

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery...

CVE-2024-37018

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery...

global-value-management.de Cross Site Scripting vulnerability OBB-3931816

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

zfin.org Cross Site Scripting vulnerability OBB-3931815

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

cleverdeal24.de Cross Site Scripting vulnerability OBB-3931814

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Debian: Security Advisory (DLA-3824-1)

The remote host is missing an update for the...

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2024:3466)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...

Amazon Linux 2 : unbound (ALASUNBOUND-2024-001)

The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-001 advisory. An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a...

JetBrains TeamCity < 2023.11.3 Authentication Bypass

JetBrains TeamCity version prior to 2023.11.3 suffer from an authentication bypass allowing an unauthenticated attacker to gain administrative control of the TeamCity server via a specially crafted...

nginx 1.1.x < 1.1.19 / 1.0.x < 1.0.15 A Buffer Overflow Vulnerability

According to its Sever response header, the installed version of nginx is 1.0.x prior to 1.0.15 or 1.1.x prior to 1.1.19. It is, therefore, affected by the following issue : Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3...

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

TeamCity Server < 2023.5.6 XSS Vulnerability

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.5.6 It is, therefore, affected by a reflected XSS on the subscriptions page is possible Note that Nessus did not actually test for these issues, but instead...

HP LaserJet Printers XSS (HPSBPI03940)

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

TensorFlow < 2.12.0 Multiple Vulnerabilities

The version of TensorFlow installed on the remote host is prior to 2.12.0. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

JetBrains TeamCity 0.0.x < 2023.05.6 / 2023.6.x < 2023.11.5 (CVE-2024-36371)

The version of JetBrains TeamCity installed on the remote host is prior to 2023.05.6 or 2023.11.5. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36371 advisory. In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit status publisher was possible ...

Aquatronica Control System 5.1.6 - Information Disclosure

...

CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...

CVE-2024-36887

In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems"). The referenced commit used usleep_range inside the PHY.....

CVE-2024-36020

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

Rockwell Studio 5000 Logix Designer < V34 Code Hiding

The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...

Atlassian Confluence 7.20.x < 8.5.9 Remote Code Execution

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1 It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for these...

Check Point Quantum Gateway Directory Traversal

Check Point Quantum Gateway has a vulnerability that allows an unauthenticated attacker to access sensitive information by sending a specifically forged...

gnome-shell Installed (Linux / UNIX)

gnome-shell is installed on the remote Linux / UNIX...

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Cisco Firepower Threat Defense Software Snort 3 HTTP Intrusion Prevention System Rule Bypass (cisco-sa-snort3-ips-bypass-uE69KBMd)

According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

Ubuntu: Security Advisory (USN-6803-1)

The remote host is missing an update for...

AlmaLinux 8 : ruby:3.0 (ALSA-2024:3500)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3500 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2024-036)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-036 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive ...

Amazon Linux 2 : tigervnc (ALAS-2024-2558)

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2558 advisory. A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GNU C Library vulnerabilities (USN-6804-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6804-1 advisory. It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local.....

Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload

The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

Amazon Linux 2 : kernel (ALAS-2024-2560)

The version of kernel installed on the remote host is prior to 4.14.158-129.185. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2560 advisory. The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-068)

The version of kernel installed on the remote host is prior to 5.4.271-184.369. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-068 advisory. In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in ...

Amazon Linux 2 : git (ALAS-2024-2548)

The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2548 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...

BWL Advanced FAQ Manager 2.0.3 SQL Injection

...

Amazon Linux 2 : golist (ALAS-2024-2556)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2556 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...