F-Secure Endpoint Protection Products On Windows And Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Internet Gatekeeper Security Vulnerabilities

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3254)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3254 advisory. aardvark-dns buildah [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 ...

Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

...

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

...

Fedora 39 : python3.6 (2024-18b9c9b9cf)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-18b9c9b9cf advisory. Security fix for CVE-2024-0450 and CVE-2023-6597 Tenable has extracted the preceding description block directly from the Fedora security advisory....

gst-plugins-base1.0 - security update

Bulletin has no...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory. This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added...

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access

...

SUSE SLES15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1886-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1886-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806) Tenable has extracted...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1882-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1882-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...

Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-3259)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3259 advisory. delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 ...

Fedora 39 : python-jinja2 (2024-ce7649d28e)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ce7649d28e advisory. Update to 3.1.4 (rhbz#2279211,rhbz#2279491) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

...

outdooractive.com Cross Site Scripting vulnerability OBB-3931948

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5564

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length...

CVE-2024-5564

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-36843

libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free()...

CVE-2024-36843

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-36845

An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the...

CVE-2024-36844

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-36845

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-36844

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the...

Exploit for CVE-2024-24919

Exploit for CVE-2024-24919 Description This Python...

continentalpancakehouse.com Cross Site Scripting vulnerability OBB-3931947

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

niagarafallsoptimist.ca Cross Site Scripting vulnerability OBB-3931946

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

luposlittleeataly.com Cross Site Scripting vulnerability OBB-3931945

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

queenscoachrestaurant.com Cross Site Scripting vulnerability OBB-3931944

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

svabinsurance.com Cross Site Scripting vulnerability OBB-3931943

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

hoopsalytics.com Cross Site Scripting vulnerability OBB-3931942

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....

Friday Squid Blogging: Baby Colossal Squid

This video might be a juvenile colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is...

CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...

Exploit for CVE-2024-27348

CVE-2024-27348 **For Ethical Usages only, Any harmful or...

yardmastersniagara.com Cross Site Scripting vulnerability OBB-3931941

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

summerofloveconcert.com Cross Site Scripting vulnerability OBB-3931940

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-33998 moodle: stored XSS via user's name on participants page when opening some options

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some...

italianicecream.ca Cross Site Scripting vulnerability OBB-3931938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

riverrapidsinn.com Cross Site Scripting vulnerability OBB-3931937

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

greekonportage.com Cross Site Scripting vulnerability OBB-3931936

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

daverotella.com Cross Site Scripting vulnerability OBB-3931935

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

eccdc.org Cross Site Scripting vulnerability OBB-3931934

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

yowdesign.com Cross Site Scripting vulnerability OBB-3931932

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2022-36765 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-36765 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...