Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & More! Security Vulnerabilities

ubuntucve

CVE-2024-36902

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....

AI Score: 7

2024-05-30 12:00 AM

almalinux

Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

AI Score: 6.9

EPSS: 0.0004

2024-05-30 12:00 AM

spring

A Bootiful Podcast: Microsoft's Sandra Ahlgrimm on cloud, Java, AI, and more

Hi, Spring fans, from the amazing Spring IO conference in Barcelona, Spain! In this interview I talked to Microsoft's Sandra Ahlgrimm on all things cloud, Java, AI, and more. Also, a special and quick discussion with Spring IO founder Sergi Almar, who was last on the show in, I think,...

AI Score: 7.1

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1724)

The remote host is missing an update for the Huawei...

AI Score: 7.1

EPSS: 0.037

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1712)

The remote host is missing an update for the Huawei...

AI Score: 7.1

EPSS: 0.037

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1713)

The remote host is missing an update for the Huawei...

AI Score: 7.1

EPSS: 0.037

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)

The remote host is missing an update for the Huawei...

AI Score: 6.7

EPSS: 0.001

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1723)

The remote host is missing an update for the Huawei...

AI Score: 7.1

EPSS: 0.037

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1721)

The remote host is missing an update for the Huawei...

AI Score: 7.1

EPSS: 0.037

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1734)

The remote host is missing an update for the Huawei...

AI Score: 7

EPSS: 0.003

2024-05-30 12:00 AM

nessus

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

AI Score: 6.5

2024-05-30 12:00 AM

nessus

SUSE SLES12 Security Update : python36 (SUSE-SU-2024:1847-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1847-1 advisory. - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). -...

AI Score: 7.2

2024-05-30 12:00 AM

nessus

Veritas System Recovery Installed (Windows)

Veritas System Recovery, a backup and disaster recovery application is installed on the remote Windows...

AI Score: 7.4

2024-05-30 12:00 AM

nessus

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2024-1757)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC'...

AI Score: 6.6

2024-05-30 12:00 AM

nessus

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2024-1780)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC'...

AI Score: 7

2024-05-30 12:00 AM

nessus

Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an...

AI Score: 7.4

2024-05-30 12:00 AM

nessus

Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...

AI Score: 7.5

2024-05-30 12:00 AM

nessus

RHEL 8 : ruby:3.0 (RHSA-2024:3500)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

AI Score: 7.3

2024-05-30 12:00 AM

nessus

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1776)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

AI Score: 8.4

2024-05-30 12:00 AM

osv

Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

AI Score: 6.8

EPSS: 0.0004

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1728)

The remote host is missing an update for the Huawei...

AI Score: 6.7

EPSS: 0.001

2024-05-30 12:00 AM

nessus

Oracle Linux 9 : glibc (ELSA-2024-3339)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3339 advisory. [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi Tenable has extracted the preceding description block...

AI Score: 7.4

2024-05-30 12:00 AM

nessus

RHEL 9 : nghttp2 (RHSA-2024:3501)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3501 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

AI Score: 7

2024-05-30 12:00 AM

nessus

Oracle Linux 8 : python3 (ELSA-2024-3347)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3347 advisory. [3.6.8-62.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-62] - Security fix for CVE-2024-0450 Resolves: RHEL-33683 ...

AI Score: 7

2024-05-30 12:00 AM

ubuntucve

CVE-2024-36949

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call...

AI Score: 7

2024-05-30 12:00 AM

ubuntucve

CVE-2024-36901

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...

AI Score: 7

2024-05-30 12:00 AM

openvas

Mageia: Security Advisory (MGASA-2024-0198)

The remote host is missing an update for...

AI Score: 7.1

EPSS: 0.0004

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1776)

The remote host is missing an update for the Huawei...

AI Score: 7.1

EPSS: 0.008

2024-05-30 12:00 AM

nessus

RHEL 8 : edk2 (RHSA-2024:3497)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3497 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI...

AI Score: 7

2024-05-30 12:00 AM

nessus

SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2024:1835-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1835-1 advisory. - CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec (bsc#1223353). - CVE-2024-32659:...

AI Score: 7.3

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1735)

The remote host is missing an update for the Huawei...

AI Score: 7

EPSS: 0.003

2024-05-30 12:00 AM

nessus

Fedora 40 : mingw-python-requests (2024-efc4802051)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-efc4802051 advisory. Update to requests-2.32.0, fixes CVE-2024-35195. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

AI Score: 7

2024-05-30 12:00 AM

ubuntu

PostgreSQL vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages postgresql-14 - Object-relational SQL database postgresql-15 - Object-relational SQL database postgresql-16 - Object-relational SQL database Details Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in...

AI Score: 8

EPSS: 0.0004

2024-05-30 12:00 AM

openvas

SUSE: Security Advisory (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

AI Score: 6.7

EPSS: 0.001

2024-05-30 12:00 AM

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1764)

The remote host is missing an update for the Huawei...

AI Score: 6.8

EPSS: 0.003

2024-05-30 12:00 AM

openvas

Ubuntu: Security Advisory (USN-6800-1)

The remote host is missing an update for...

AI Score: 6.7

EPSS: 0.001

2024-05-30 12:00 AM

nessus

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-3343)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3343 advisory. [21.1.3-16] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Tenable has extracted the preceding description block directly from the...

AI Score: 7.3

2024-05-30 12:00 AM

nessus

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1766)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

AI Score: 6.5

2024-05-30 12:00 AM

oraclelinux

virt:ol and virt-devel:rhel security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...

AI Score: 7.7

EPSS: 0.001

2024-05-30 12:00 AM

nessus

Fedora 39 : mingw-python-requests (2024-7e4f058c2f)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7e4f058c2f advisory. Update to requests-2.32.0, fixes CVE-2024-35195. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

AI Score: 7.4

2024-05-30 12:00 AM

packetstorm

AI Score: 7.2

2024-05-30 12:00 AM

nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : browserify-sign vulnerability (USN-6800-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6800-1 advisory. It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an...

AI Score: 7.2

2024-05-30 12:00 AM

chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

AI Score: 7.5

2024-05-30 12:00 AM

nessus

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

AI Score: 8.4

2024-05-30 12:00 AM

openvas

Ubuntu: Security Advisory (USN-6802-1)

The remote host is missing an update for...

AI Score: 7.1

EPSS: 0.0004

2024-05-30 12:00 AM

nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2024:1807-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1807-1 advisory. - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic.....

AI Score: 8.2

2024-05-30 12:00 AM

nessus

FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable...

AI Score: 7.2

2024-05-30 12:00 AM

redhat

(RHSA-2024:3479) Important: Red Hat OpenStack Platform 16.2 director Operator container images security update

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...

AI Score: 7.6

EPSS: 0.962

2024-05-29 09:38 PM

mageia

Updated perl-Email-MIME packages fix security vulnerabilities

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts....

AI Score: 7.3

EPSS: 0.0004

2024-05-29 09:08 PM

ibm

Security Bulletin: IBM Aspera Console has addressed multiple HTTP vulnerabilities (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)

Summary This Security Bulletin addresses security vulnerabilities related to HTTP responses that would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)....

AI Score: 6.5

EPSS: 0.0004

2024-05-29 08:37 PM

Total number of security vulnerabilities: 859236