EMC Storage M&R Security Vulnerabilities

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

RHEL 5 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: Intel SGX information leak (CVE-2019-0117) Improper conditions check in the voltage modulation...

RHEL 4 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: tty hijacking possible in su via TIOCSTI ioctl (CVE-2005-4890) In GNU Coreutils through 8.29,...

RHEL 4 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing ...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

Serendipity 2.5.0 - Remote Code Execution (RCE)

...

RHEL 7 : linux-firmware (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) An issue was discovered on...

RHEL 6 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing ...

RHEL 6 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization ...

RHEL 5 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: memory corruption flaw in parse_datetime() (CVE-2014-9471) coreutils: race condition...

RHEL 8 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...

SUSE: Security Advisory (SUSE-SU-2024:1886-1)

The remote host is missing an update for...

RHEL 6 : 389-ds-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...

Dotclear 2.29 - Remote Code Execution (RCE)

...

RHEL 6 : xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: net: ne2000: OOB memory access in ioport r/w functions (CVE-2015-8743) The qemu implementation in...

RHEL 7 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: local configuration update allows privilege escalation (CVE-2016-4477) hostapd 0.6.7...

RHEL 6 : rabbitmq-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. rabbitmq: MQTT connection authentication succeeds with empty password (CVE-2016-9877) An issue was...

RHEL 8 : r (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. R: local buffer overflow in GUI preferences (CVE-2018-9060) Note that Nessus has not tested for this issue but has...

RHEL 7 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for improper isolation of shared resources (CVE-2022-38090) Incorrect...

SUSE: Security Advisory (SUSE-SU-2024:1895-1)

The remote host is missing an update for...

Dotclear 2.29 Remote Code Execution

...

RHEL 7 : ovirt-engine-backend (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ovirt-engine: connection does not validate certificate attributes. (CVE-2014-3706) Red Hat Enterprise...

RHEL 8 : libyang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libyang: NULL pointer dereference in read_yin_leaf() (CVE-2021-28906) libyang: NULL pointer dereference...

RHEL 8 : kernel-rt (RHSA-2024:3530)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3530 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

RHEL 8 : kernel (RHSA-2024:3529)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3529 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nf_tables: use-after-free...

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...

[SECURITY] [DSA 5703-1] linux security update

Debian Security Advisory DSA-5703-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2022-48655 CVE-2023-52585...

EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises

EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Disclaimer: This tool is...

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Disclaimer: This tool is...

[SECURITY] Fedora 39 Update: rust-python-launcher-1.0.0-12.fc39

The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platfor ms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated) Vulnerability

...

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

Debian dsa-5703 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5703 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5703-1 [email protected] ...

changedetection 0.45.20 Remote Code Execution Exploit

...

Aquatronica Control System 5.1.6 Password Disclosure Exploit

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

...

Exploit for Link Following in Git

CVE-2024-32002 漏洞概述(⚠️注意！：请不要clone此仓库！！！⚠️) 描述...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Exploit CVE Identifier: CVE-2024-24919...

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

...

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access

...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

...

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...

CVE-2024-23316

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied...

CVE-2024-23316

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied...

CVE-2024-23316 PingAccess HTTP Request Desynchronization Weakness

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied...