EMC Storage M&R Security Vulnerabilities

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP...

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP...

CVE-2024-36963 tracefs: Reset permissions on remount if permissions are options

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

CVE-2024-36963 tracefs: Reset permissions on remount if permissions are options

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

Insecure Credential Storage

typo3/cms-core is vulnerable to Insecure Credential Storage. The vulnerability is due to the persistence of database records containing insecure or empty credentials when certain changes are made to user account types in the TYPO3 backend, which allows an attacker to cause insecure or empty...

RHEL 5 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: Intel SGX information leak (CVE-2019-0117) Improper conditions check in the voltage modulation...

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

RHEL 8 : flatpak_libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Weak Master Keys (CVE-2022-26307) An Improper Certificate Validation vulnerability in...

RHEL 8 : jbossweb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) Note that Nessus has not...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 8 : kernel (RHSA-2024:3528)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3528 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: NULL pointer dereference...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1793)

The remote host is missing an update for the Huawei...

RHEL 7 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: memory corruption flaw in parse_datetime() (CVE-2014-9471) coreutils: Non-privileged session...

libvirt security update

libvirt [9.0.0-5.el9] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-python [9.0.0-5.el9] - Update to libvirt 9.0.0-5 (Karl...

K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383

Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...

EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1793)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that...

RHEL 5 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing ...

Serendipity 2.5.0 Remote Code Execution

...

RHEL 4 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing ...

RHEL 7 : linux-firmware (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) An issue was discovered on...

RHEL 4 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: tty hijacking possible in su via TIOCSTI ioctl (CVE-2005-4890) In GNU Coreutils through 8.29,...

Serendipity 2.5.0 - Remote Code Execution (RCE)

...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

RHEL 5 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: memory corruption flaw in parse_datetime() (CVE-2014-9471) coreutils: race condition...

RHEL 8 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...

Dotclear 2.29 - Remote Code Execution (RCE)

...

RHEL 6 : 389-ds-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...

RHEL 6 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization ...

SUSE: Security Advisory (SUSE-SU-2024:1886-1)

The remote host is missing an update for...

RHEL 6 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing ...

RHEL 6 : xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: net: ne2000: OOB memory access in ioport r/w functions (CVE-2015-8743) The qemu implementation in...

RHEL 6 : rabbitmq-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. rabbitmq: MQTT connection authentication succeeds with empty password (CVE-2016-9877) An issue was...

SUSE: Security Advisory (SUSE-SU-2024:1895-1)

The remote host is missing an update for...

RHEL 8 : r (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. R: local buffer overflow in GUI preferences (CVE-2018-9060) Note that Nessus has not tested for this issue but has...

RHEL 7 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for improper isolation of shared resources (CVE-2022-38090) Incorrect...

Dotclear 2.29 Remote Code Execution

...

RHEL 7 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: local configuration update allows privilege escalation (CVE-2016-4477) hostapd 0.6.7...

RHEL 7 : ovirt-engine-backend (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ovirt-engine: connection does not validate certificate attributes. (CVE-2014-3706) Red Hat Enterprise...

RHEL 8 : libyang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libyang: NULL pointer dereference in read_yin_leaf() (CVE-2021-28906) libyang: NULL pointer dereference...

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

RHEL 8 : kernel (RHSA-2024:3529)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3529 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nf_tables: use-after-free...

RHEL 8 : kernel-rt (RHSA-2024:3530)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3530 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

Android Security Bulletin—June 2024

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-06-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...

[SECURITY] [DSA 5703-1] linux security update

Debian Security Advisory DSA-5703-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2022-48655 CVE-2023-52585...