DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities

BIT-nginx-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

BIT-nginx-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

Improper Permission Check

Wagtail is vulnerable to Improper Permission Check. The vulnerability is due to an improperly applied permission check in the wagtail.contrib.settings module, allowing users with admin access to modify settings models without proper...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2024:1896-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1896-1 advisory. - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417). Tenable has...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2024:1895-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1895-1 advisory. - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) -....

Mageia: Security Advisory (MGASA-2024-0207)

The remote host is missing an update for...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2024:1907-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1907-1 advisory. - CVE-2020-22021: Fixed a buffer overflow vulnerability in filter_edges() (bsc#1186586) -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2024:1909-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1909-1 advisory. - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1908-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1908-1 advisory. - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) Tenable has extracted the...

SUSE SLES15 / openSUSE 15 Security Update : 389-ds (SUSE-SU-2024:1906-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1906-1 advisory. - Update to version 2.2.8~git65.347aae6: - CVE-2024-1062: Resolved possible denial of service when audit logging is enabled....

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

Security Bulletin: IBM MaaS360 Cloud Extender Mobile Enterprise Gateway (MEG) and VPN Module affected by multiple vulnerabilities (CVE-2024-29025, CVE-2024-22262, CVE-2023-6129, CVE-2024-0727, CVE-2024-22201, CVE-2023-6237)

Summary Vulnerabilities contained within OpenSSL (a 3rd party component) were addressed in the IBM MaaS360 VPN Module. Vulnerabilities contained within Netty, Spring Framework and Eclipse Jetty (3rd party components) were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG) Module. ...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2024-33883]

Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for generating user interfaces in the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch...

(RHSA-2024:3553) Important: nodejs : security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...

Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.

Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details ** CVEID: CVE-2023-26117 DESCRIPTION: **AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the $resource service. By providing...

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

Advisory ROSA-SA-2024-2430

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 package_evr_string: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux.....

SQL Injection

typo3/cms-core is vulnerable to SQL injection. The vulnerability is due to improper dissociation of system-related configuration from user-generated configuration, allowing instructions to be persisted to a form definition file that were not configured to be modified. This allows attackers to...

(RHSA-2024:3546) Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...

(RHSA-2024:3544) Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security...

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

RHEL 5 : perl-dbd-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...

RHEL 5 : flash-plugin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: multiple code execution issues fixed in APSB17-07 (CVE-2017-3003) Unspecified...

RHEL 7 : pulseaudio (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pulseaudio: denial of service in module-rtp-recv (CVE-2014-3970) Note that Nessus has not tested for this issue but...

RHEL 7 : freeradius (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer ...

RHEL 8 : perl-dbi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-dbi: Buffer overflow on an overlong DBD class name (CVE-2020-14393) An issue was discovered in the...

RHEL 9 : nodejs:18 (RHSA-2024:3544)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3544 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. ...

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Integer overflow in...

RHEL 7 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) mod_lua.c in the...

ROS-20240603-02

A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the secure_compare() function of the....

RHEL 6 : python33-python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...

RHEL 6 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: heap buffer overflow in pp_pack.c (CVE-2018-6913) Perl 5.10.x allows context-dependent attackers...

FreePBX 16 Remote Code Execution

...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 5 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781) A denial of service...

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

RHEL 8 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: SVN authz protected copyfrom paths regression (CVE-2021-28544) Subversion's mod_dav_svn...

RHEL 6 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c ...

RHEL 5 : python33-python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python: missing boundary check in JSON module (CVE-2014-4616) Note that Nessus has not tested for this issue but has...

RHEL 6 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781) A denial of service...

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py (CVE-2018-19787) Incomplete blacklist...

RHEL 4 : audiofile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. audiofile: heap-based overflow in Microsoft ADPCM compression module (app crash, arb. code execution) ...

RHEL 6 : pulseaudio (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pulseaudio: denial of service in module-rtp-recv (CVE-2014-3970) Note that Nessus has not tested for this issue but...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...