HP LaserJet Enterprise Printers, HP PageWide Enterprise Printers, HP LaserJet Managed Printers, HP OfficeJet Enterprise Printers Security Vulnerabilities

CVE-2021-47591 mptcp: remove tcp ulp setsockopt support

In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections...

SUSE: Security Advisory (SUSE-SU-2024:2061-1)

The remote host is missing an update for...

SUSE SLES15 Security Update : podman (SUSE-SU-2024:2050-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2050-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry...

Nextcloud Server < 23.0.12.17, 24.x < 24.0.12.13, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Access control Vulnerability (GHSA-jjm3-j9xh-5xmq)

Nextcloud Server is prone to an improper access control ...

SUSE: Security Advisory (SUSE-SU-2024:2068-1)

The remote host is missing an update for...

RHEL 6 : vertx-core (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) Note that...

SUSE: Security Advisory (SUSE-SU-2024:2050-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2082-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2081-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2080-1)

The remote host is missing an update for...

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3968)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3968 advisory. aardvark-dns [2:1.10.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 [2:1.9.0-1] -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:2061-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2061-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking -.....

Oracle Linux 7 : glibc (ELSA-2024-12444)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Oracle history: ...

SUSE: Security Advisory (SUSE-SU-2024:2077-1)

The remote host is missing an update for...

Nextcloud Server < 25.0.13.7, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Access Control Vulnerability (GHSA-xwgx-f37p-xh8c)

Nextcloud Server is prone to an improper access control ...

RHEL 8 / 9 : OpenShift Container Platform 4.14.30 (RHSA-2024:3918)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3918 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

SUSE: Security Advisory (SUSE-SU-2024:2065-1)

The remote host is missing an update for...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:2065-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2065-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary.....

Exploit for Improper Input Validation in Microsoft

About CVE-2024-30078 and the Corresponding KB Update...

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

Oracle Linux 8 : flatpak (ELSA-2024-3961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3961 advisory. - Update to 1.12.9 (CVE-2024-32462) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has.....

RHEL 8 : container-tools:rhel8 update (Moderate) (RHSA-2024:3968)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3968 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

RHEL 8 : flatpak (RHSA-2024:3969)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3969 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Oracle Linux 9 : firefox (ELSA-2024-3955)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3955 advisory. [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 Tenable has...

SUSE: Security Advisory (SUSE-SU-2024:2033-1)

The remote host is missing an update for...

RHEL 7 : flatpak (RHSA-2024:3980)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...

Nextcloud Server < 23.0.12.16, 24.x < 24.0.12.12, 25.x < 25.0.13.16 26.x < 26.0.12, 27.x < 27.1.7, 28.x < 28.0.3 Improper Access Control Vulnerability (GHSA-5mq8-738w-5942)

Nextcloud Server is prone to an improper access control ...

RHEL 9 : flatpak (RHSA-2024:3970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3970 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Toshiba e-STUDIO2518A unzip Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of proper...

Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of...

SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2037-1 advisory. - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure...

RHEL 8 : firefox (RHSA-2024:3972)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

SUSE: Security Advisory (SUSE-SU-2024:2038-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2043-1)

The remote host is missing an update for...

Toshiba e-STUDIO2518A vsftpd Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is required to exploit this vulnerability. The specific flaw exists within the vsftpd daemon. The issue results from incorrect permissions set on folders.....

SUSE: Security Advisory (SUSE-SU-2024:2039-1)

The remote host is missing an update for...

Toshiba e-STUDIO2518A Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue results from improper...

Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—.....

Nextcloud Server < 21.0.9.17, 22.x < 22.2.10.22, 23.x < 23.0.12.17, 24.x < 24.0.12.14, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Authentication Vulnerability (GHSA-9v72-9xv5-3p7c)

Nextcloud Server is prone to an improper authentication ...

Oracle Linux 7 : flatpak (ELSA-2024-3980)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3980 advisory. [1.0.9-13] - Fix CVE-2024-32462 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not.....

SUSE: Security Advisory (SUSE-SU-2024:2036-1)

The remote host is missing an update for...

Not Just Another 100% Score: MITRE ENGENUITY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—.....

Insyde BIOS June 2024 EDK II Reference Vulnerabilities

Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using Insyde BIOS (Insyde H20 UEFI Firmware), which might allow arbitrary code execution. Inysde has released updates to mitigate the potential vulnerabilities. Insyde has released updates to mitigate...

SUSE SLES15 Security Update : bind (SUSE-SU-2024:2033-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2033-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed...

K000140042: libldap vulnerability CVE-2020-15719

Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:2043-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2043-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may...

Oracle Linux 9 : flatpak (ELSA-2024-3959)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3959 advisory. [1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that.....