ChakraCore, Internet Explorer Security Vulnerabilities

K000139446 : Oracle Java vulnerability CVE-2024-21005

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

Amazon Linux 2 : java-17-amazon-corretto (ALAS-2024-2528)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.11+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2528 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

RHEL 9 : libreswan (RHSA-2024:2565)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2565 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2527)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.23+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2527 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

RHEL 8 : libreswan (RHSA-2024:2082)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2082 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

RHEL 9 : tigervnc (RHSA-2024:2298)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2298 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

(RHSA-2024:2101) Low: Red Hat Satellite Client bug fix and security update

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...

James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

If state-sponsored actors are after one thing, it's to spread fear and uncertainty across the internet. There's always money to be made targeting individual businesses and organizations, but for James Nutland's work, it's always about the bigger picture. And his background in studying...

(RHSA-2024:2085) Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

(RHSA-2024:2082) Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

(RHSA-2024:2081) Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

(RHSA-2024:2080) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2024-598)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-598 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-602)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-602 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle...

Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2024-599)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-599 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:1450-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1450-1 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2024:1452-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1452-1 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

RHEL 7 : tigervnc (RHSA-2024:2080)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2080 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

Amazon Linux 2023 : java-22-amazon-corretto, java-22-amazon-corretto-devel, java-22-amazon-corretto-headless (ALAS2023-2024-601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...

Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2024-600)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-600 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:1451-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1451-1 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...

RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2024:2101)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2101 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

[SECURITY] [DLA 3797-1] frr security update

Debian LTS Advisory DLA-3797-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost April 28, 2024 https://wiki.debian.org/LTS Package : frr Version : 7.5.1-1.1+deb10u2 CVE ID :...

RHEL 8 : bind and dhcp (RHSA-2024:1782)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1782 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

RHEL 8 : Satellite 6.13.1 Async Security Update (Moderate) (RHSA-2023:3387)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3387 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

RHEL 8 : Red Hat Satellite 6 (RHSA-2024:1061)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1061 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4466 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Satellite 6.14.3 Async Security Update (Moderate) (RHSA-2024:1536)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1536 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Satellite 6.12.3 Async Security Update (Important) (RHSA-2023:1630)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1630 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Satellite 6.12.5.2 Async Security Update (Important) (RHSA-2023:5979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5979 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

RHEL 7 / 8 : Satellite 6.11.4 Async Security Update (Important) (RHSA-2022:7242)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7242 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

RHEL 8 : Satellite 6.14.1 Async Security Update (Moderate) (RHSA-2023:7851)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7851 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 7 : opendaylight (RHSA-2018:2598)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2598 advisory. OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale. The OpenDaylight Project arose out of...

K000139423 : OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004

Security Advisory Description CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to...

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. CVE-2023-33850 covers the GSKIT-Crypto (ICC) package used by IBM Runtime Environment, Java Technology Edition. This is separate to the GSKit-SSL package which...

Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to a denial of service issue (CVE-2024-25015)

Summary IBM MQ Internet Pass-Thru has addressed a vulnerability in which HTTP requests could cause a denial of service. Vulnerability Details CVEID: CVE-2024-25015 DESCRIPTION: IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would...

Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-20952)

Summary An issue was identified with IBM Semeru Runtime, Version 17, which is used in IBM MQ Explorer. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality...

internet-marketing-services.nl Improper Access Control vulnerability OBB-3922306

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CSAF - Cyber Security Awareness Framework

The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity">cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity"...

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE...

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE...