F-Secure Endpoint Protection Products On Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud Security Vulnerabilities

SUSE: Security Advisory (SUSE-SU-2024:2106-1)

The remote host is missing an update for...

Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)

According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Oracle Linux 9 : nghttp2 (ELSA-2024-3501)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Tenable has extracted the preceding description block directly from the Oracle Linux.....

Dell Client BIOS DoS (DSA-2024-168)

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...

Dell Client BIOS Incorrect Authorization (DSA-2024-122)

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. Note that Nessus has not tested for this issue but has instead relied.....

Kibana 8.6.3 < 8.14 (ESA-2024-15)

The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...

RHEL 8 : thunderbird (RHSA-2024:4036)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

Streamline NX Client Installed (Windows)

Streamline NX Client is installed on the remote Windows...

Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)

Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...

SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...

Fedora 39 : chromium (2024-dd14eefb0e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dd14eefb0e advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...

RHEL 8 : ovn-2021 (RHSA-2024:4035)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-2)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-2 advisory. - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5....

Ubuntu: Security Advisory (USN-6842-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2108-1)

The remote host is missing an update for...

CVE-2024-38874

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

Streamline NX Client Multiple Vulnerabilities (2024-000006, 2024-000007)

The version of Streamline NX Client installed on the remote host is prior to 3.2.1.19, 3.3.1.3, 3.3.2.201, 3.4.3.1, 3.5.1.201, 3.6.100.53, or 3.6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-000006 and 2024-000007 advisories. Use of potentially dangerous...

FreeBSD : qt6-webengine -- Multiple vulnerabilities (c5415838-2f52-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c5415838-2f52-11ef-9cab-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: Tenable has...

Dell Client BIOS Improper Input Validation (DSA-2024-125)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...

urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

Mageia: Security Advisory (MGASA-2024-0230)

The remote host is missing an update for...

SUSE SLES12 Security Update : hdf5 (SUSE-SU-2024:2105-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2105-1 advisory. - Fix various security issues in hdf5 (bsc#1224158): CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

CVE-2024-38874

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2107-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2107-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...

Mattermost Desktop Installed (macOS)

Mattermost Desktop is installed on the remote macOS...

browardlegaldirectory.com Cross Site Scripting vulnerability OBB-3937038

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to curl (CVE-2023-27536, CVE-2023-28321)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. (CVE-2023-30630, CVE-2023-28321) Vulnerability Details ** CVEID: CVE-2023-27536 DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security...

Security Bulletin: TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491)

Summary TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491). A patch has been provided that updates the Dmidecode library. Vulnerability Details ** CVEID: CVE-2023-29491 DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by a memory corruption...

cartecgroup.com Cross Site Scripting vulnerability OBB-3937037

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Java (CVE-2023-22081)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Java library. (CVE-2023-22081) Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a...

cybercomplianceinthecloud.com Cross Site Scripting vulnerability OBB-3937036

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

riskassess.complianceobjects.com Cross Site Scripting vulnerability OBB-3937034

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

calcoastrails.com Cross Site Scripting vulnerability OBB-3937033

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

CVE-2024-38359

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version &gt; v0.17.0 to....

CVE-2024-38361

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. If the resource exists under multiple...

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

CVE-2024-38361

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. If the resource exists under multiple...

CVE-2024-38359

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version &gt; v0.17.0 to....

britishjournalofmidwifery.com Cross Site Scripting vulnerability OBB-3937031

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-38361 Permissions processing error in spacedb

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. If the resource exists under multiple...

CVE-2024-38359 Lightning Network Daemon Onion Bomb

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version &gt; v0.17.0 to....

CVE-2024-38359 Lightning Network Daemon Onion Bomb

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version &gt; v0.17.0 to....

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

CVE-2024-37899 Disabling a user account changes its author, allowing RCE from user account in XWiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2024-0853). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2024-0853 ...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode (CVE-2023-30630)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Dmidecode library. (CVE-2023-30630) Vulnerability Details ** CVEID: CVE-2023-30630 DESCRIPTION: **Dmidecode could allow a local authetnicated attacker to bypass security...

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...