HPE Integrated Lights-out 5 (iLO 5), HPE Integrated Lights-out 6 (iLO 6), Security Vulnerabilities

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:2020-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2020-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the...

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:2985)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2985 advisory. * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python-cryptography: memory corruption via...

Apple TV < 19K53 Multiple Vulnerabilities (HT212980)

According to its banner, the version of Apple TV on the remote device is prior to 19K53. It is therefore affected by multiple vulnerabilities as described in the...

Rocky Linux 8 : gdk-pixbuf2 (RLSA-2024:3341)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3341 advisory. * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) Tenable has extracted the preceding description block directly from the Rocky Linux security.....

Rocky Linux 9 : nodejs (RLSA-2024:2910)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2910 advisory. * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of...

AlmaLinux 9 : fence-agents (ALSA-2024:3820)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the AlmaLinux...

Rocky Linux 8 : xorg-x11-server-Xwayland (RLSA-2024:3343)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3343 advisory. * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in.....

Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...

SUSE SLES15 / openSUSE 15 Security Update : python-pymongo (SUSE-SU-2024:1571-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1571-2 advisory. - CVE-2024-21506: Fixed out-of-bounds read in the BSON module (bsc#1222492) Tenable has extracted the preceding description block directly.....

Rocky Linux 8 : 389-ds:1.4 (RLSA-2024:3047)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3047 advisory. * 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062) Tenable has...

Rocky Linux 8 : python-jinja2 (RLSA-2024:3102)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3102 advisory. * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) Tenable has extracted the preceding description block...

Rocky Linux 8 : libxml2 (RLSA-2024:3626)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3626 advisory. * libxml2: use-after-free in XMLReader (CVE-2024-25062) Tenable has extracted the preceding description block directly from the Rocky Linux security advisory....

Debian dsa-5710 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5710 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5710-1 [email protected] ...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

Rocky Linux 8 : fence-agents (RLSA-2024:2968)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2968 advisory. * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel...

Rocky Linux 9 : gvisor-tap-vsock (RLSA-2024:3830)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3830 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) Tenable has extracted the preceding description block directly from the...

Rocky Linux 8 : libssh (RLSA-2024:3233)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3233 advisory. * libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004) * libssh: Missing checks for return...

Rocky Linux 8 : python-dns (RLSA-2024:3275)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3275 advisory. * dnspython: denial of service in stub resolver (CVE-2023-29483) Tenable has extracted the preceding description block directly from the Rocky Linux security...

RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...

Rocky Linux 8 : firefox (RLSA-2024:3783)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3783 advisory. * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) *...

Rocky Linux 9 : kernel (RLSA-2024:3619)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3619 advisory. * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: fs: sysfs: Fix reference leak in...

Fedora 39 : cyrus-imapd (2024-123f2b3666)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-123f2b3666 advisory. - Security fix for CVE-2024-34055 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus.....

Rocky Linux 8 : .NET 8.0 (RLSA-2024:3345)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3345 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

XMB 1.9.12.06 - Stored XSS

...

ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)

...

Rocky Linux 8 : python3 (RLSA-2024:3347)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3347 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication may or may not be required to exploit this vulnerability, depending upon configuration. Furthermore, only systems with ksmbd enabled are vulnerable. The specific...

Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability

This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of USB descriptors. The issue results from the lack of proper...

AlmaLinux 9 : python-idna (ALSA-2024:3846)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3846 advisory. * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) Tenable has extracted the preceding...

Rocky Linux 8 : ruby:3.3 (RLSA-2024:3670)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3670 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...

Rocky Linux 9 : python-idna (RLSA-2024:3846)

The remote Rocky Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3846 advisory. * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) Tenable has extracted the preceding...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

Apple TV < 15.5 Multiple Vulnerabilities (HT213254)

According to its banner, the version of Apple TV on the remote device is prior to 15.5. It is therefore affected by multiple vulnerabilities as described in the...

SUSE SLES12 Security Update : php8 (SUSE-SU-2024:2027-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2027-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the...

Rocky Linux 8 : .NET 7.0 (RLSA-2024:3340)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3340 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

Rocky Linux 8 : pcp (RLSA-2024:3264)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3264 advisory. * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019) Tenable has extracted the preceding description block...

Rocky Linux 8 : httpd:2.4 (RLSA-2024:3121)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3121 advisory. * httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) * mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)...

Rocky Linux 8 : sssd (RLSA-2024:3270)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3270 advisory. * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758) Tenable has extracted the preceding description...

Rocky Linux 9 : thunderbird (RLSA-2024:2888)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2888 advisory. * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) *...

AlmaLinux 9 : containernetworking-plugins (ALSA-2024:3831)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3831 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) Tenable has extracted the preceding description block directly from the...

AlmaLinux 9 : podman (ALSA-2024:3826)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....

Rocky Linux 8 : Image builder components bug fix, enhancement and (RLSA-2024:2961)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2961 advisory. * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) Tenable has extracted the preceding description block...

Rocky Linux 8 : pam (RLSA-2024:3163)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3163 advisory. * pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) Tenable has extracted the preceding description block directly from the Rocky...

AlmaLinux 9 : libreoffice (ALSA-2024:3835)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...

Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

...

Rocky Linux 8 : kernel (RLSA-2024:3138)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s),...