DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,TP3206,USG9500, Security Vulnerabilities

Slackware: Security Advisory (SSA:2024-174-01)

The remote host is missing an update for...

Adobe FrameMaker Publishing Server Authentication Bypass (CVE-2024-30299)

The Adobe FrameMaker Publishing Server running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to access certain application...

Amazon Linux 2 : webkitgtk4 (ALAS-2024-2577)

The version of webkitgtk4 installed on the remote host is prior to 2.42.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2577 advisory. An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4,...

RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2024:4053)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4053 advisory. Affected components: * python-yaql: a library that contains a large set of commonly used functions * openstack-tripleo-heat-templates: Heat...

Netis MW5360 Remote Command Execution

...

FreeBSD : emacs -- Arbitrary shell code evaluation vulnerability (4f6c4c07-3179-11ef-9da5-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f6c4c07-3179-11ef-9da5-1c697a616631 advisory. GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Hibernate vulnerability (USN-6845-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6845-1 advisory. It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were...

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

Mageia: Security Advisory (MGASA-2024-0231)

The remote host is missing an update for...

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

Google Chrome < 126.0.6478.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...

SUSE: Security Advisory (SUSE-SU-2024:2140-1)

The remote host is missing an update for...

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, &gt;, or...

Amazon Linux 2 : php (ALASPHP8.1-2024-005)

The version of php installed on the remote host is prior to 8.1.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2024-005 advisory. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default),...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)

The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a ...

Amazon Linux 2 : booth (ALAS-2024-2575)

The version of booth installed on the remote host is prior to 1.0-8.ef769ef.git. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2575 advisory. A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(),...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2168-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2168-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has...

AlmaLinux 8 : python3.11 (ALSA-2024:4058)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4058 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

Amazon Linux 2 : python-crypto (ALASANSIBLE2-2024-011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2024-011 advisory. Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted...

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

WordPress 6.0 < 6.5.5

WordPress versions 6.0 &lt; 6.5.5 are affected by one or more...

AlmaLinux 9 : libreswan (ALSA-2024:4050)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4050 advisory. * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652) Tenable has extracted the preceding description block directly from the AlmaLinux.....

Fedora 40 : python-PyMySQL (2024-b26f07d27b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b26f07d27b advisory. Update to 1.1.1 to fix CVE CVE-2024-36039 Tenable has extracted the preceding description block...

SUSE SLES12 Security Update : qpdf (SUSE-SU-2024:2173-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2173-1 advisory. - CVE-2018-9918: Fixed mishandled 'expected dictionary key but found non-name object' cases that could have allowed attackers to cause a...

CVE-2024-36681

SQL Injection vulnerability in the module "Isotope" (pk_isotope) &lt;=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pk_isotope::saveData and pk_isotope::removeData...

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2573)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2573 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

Oracle Linux 8 : python3.11 (ELSA-2024-4058)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4058 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Amazon Linux 2 : libndp (ALAS-2024-2571)

The version of libndp installed on the remote host is prior to 1.2-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2571 advisory. A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router...

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2582)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2582 advisory. In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. (CVE-2019-10906) Tenable has extracted the preceding.....

Amazon Linux AMI : kernel (ALAS-2024-1942)

The version of kernel installed on the remote host is prior to 4.14.348-187.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1942 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

SUSE SLES15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2170-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2170-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has extracted the preceding description...

Amazon Linux 2 : python-jinja2 (ALAS-2024-2574)

The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2574 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

Google Chrome < 126.0.6478.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...

Amazon Linux 2 : kernel (ALAS-2024-2581)

The version of kernel installed on the remote host is prior to 4.14.348-265.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2581 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into...

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

...

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) &lt;= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

CVE-2024-34991

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions...

RHEL 9 : pki-core (RHSA-2024:4051)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

Fedora 39 : thunderbird (2024-6de8bb7c1b)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6de8bb7c1b advisory. Update to 115.12.1 * https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/ * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wget (SUSE-SU-2024:2174-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2174-1 advisory. - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ...

Amazon Linux 2 : unbound (ALASUNBOUND-2024-002)

The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-060)

The version of kernel installed on the remote host is prior to 5.10.217-205.860. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-060 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN)...

RHEL 8 : python3.11 (RHSA-2024:4058)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4058 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-061)

The version of kernel installed on the remote host is prior to 5.10.201-191.748. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-061 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related...

Amazon Linux AMI : tomcat8 (ALAS-2024-1941)

The version of tomcat8 installed on the remote host is prior to 8.5.99-1.97. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1941 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to...