Flexi – Guest Submit Security Vulnerabilities

appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

...

RHEL 7 : rhev-guest-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rhevm: rhev agent service unquoted search path (CVE-2013-2151) Note that Nessus has not tested for this issue but...

RHEL 5 : xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xsa224 xen: grant table operations mishandle reference counts (XSA-224) (CVE-2017-10921) The qemu...

RHEL 7 : qemu-kvm-rhev (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: ps2: information leakage via post_load routine (CVE-2017-16845) QEMU (aka Quick Emulator) built...

RHEL 8 : virtio-win (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. QEMU: local privilege escalation via the QEMU Guest Agent on Windows (CVE-2023-0664) Note that Nessus has not tested...

WBCE CMS 1.6.2 Remote Code Execution

...

RHEL 7 : qemu-kvm-ma (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: msix: OOB access during mmio operations may lead to DoS (CVE-2020-13754) The Virtio Vring...

Monstra CMS 3.0.4 - Remote Code Execution (RCE)

...

Serendipity 2.5.0 - Remote Code Execution (RCE)

...

RHEL 8 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...

RHEL 8 : libvirt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...

Dotclear 2.29 - Remote Code Execution (RCE)

...

WBCE CMS v1.6.2 - Remote Code Execution (RCE)

...

RHEL 6 : qemu-kvm-rhev (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: i386: leakage of stack memory to guest in kvmvapic.c (CVE-2016-4020) QEMU (aka Quick Emulator)...

RHEL 6 : xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: net: ne2000: OOB memory access in ioport r/w functions (CVE-2015-8743) The qemu implementation in...

RHEL 8 : fence-agents (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-httplib2: Regular expression denial of service via malicious header (CVE-2021-21240) A flaw was...

appRain CMF 4.0.5 Shell Upload

...

RHEL 8 : rhel_qemu-kvm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS (CVE-2020-10717) Note that Nessus has not...

Dotclear 2.29 Remote Code Execution

...

Monstra CMS 3.0.4 Remote Code Execution

...

RHEL 7 : dpdk (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dpdk: Information exposure in unchecked guest physical to host virtual address translations ...

RHEL 8 : virglrenderer (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. virglrenderer: out-of-bounds read in the vrend_blit_need_swizzle may lead to DoS (CVE-2019-18390) A NULL...

RHEL 7 : xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: audio: host memory leakage via capture buffer (CVE-2017-8309) The qemu implementation in libvirt...

RHEL 7 : qemu-kvm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963) Buffer overflow in the send_control_msg...

qemu-kvm security update

[7.2.0-11.el9] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug:...

CVE-2024-5588

A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...

CVE-2024-5588

A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...

CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection

A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...

CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection

A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...

CVE-2024-5587

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack...

CVE-2024-5587

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack...

CVE-2024-5587 Casdoor Configuration File app.conf file access

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack...

changedetection 0.45.20 Remote Code Execution Exploit

...

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

HackerOne: [ Spot Check ] Team members can edit a user's write-up

This report was created as part of the investigation for the Spot Check about the Spot Checks feature. Hi, I discovered team members / hackerone staff can modify a user's spot check write-up. I believe this is not intended functionality for the following reasons: 1. There is no option to edit the.....

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...

XML Entity Expansion (XEE)

symfony/routing is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to allowing custom entities in PHP, which allows an attacker to submit XML which results in a XEE Quadratic...

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

(Pwn2Own) VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....

changedetection < 0.45.20 - Remote Code Execution (RCE)

...

changedetection 0.45.20 Remote Code Execution

...

(Pwn2Own) VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....

CVE-2024-5519

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2024-5519

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2024-5518

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5518

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVE-2024-36936

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel...

CVE-2024-36936

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and.....

CVE-2024-36936

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and.....