HPE Superdome Flex Servers; HPE Superdome Flex 280 Servers Security Vulnerabilities

RHEL 6 : curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. curl: NTLM password overflow via integer overflow (CVE-2018-14618) The default configuration for cURL...

RHEL 7 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvncserver: Multiple heap out-of-bound writes in VNC client code (Incomplete fix for CVE-2018-20019) ...

RHEL 5 : libxrandr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrandr: Insufficient validation of server responses result in various data mishandlings...

RHEL 6 : mingw32-gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: incorrect handling of V1 intermediate certificates (CVE-2009-5138) gnutls: incorrect error...

RHEL 6 : vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tigervnc: NULL pointer dereference flaw in XRegion (CVE-2014-8241) Integer overflow in TigerVNC allows...

RHEL 5 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the ...

RHEL 7 : flex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flex: buffer overflow in generated code (yy_get_next_buffer) (CVE-2016-6354) An issue was discovered in...

RHEL 5 : gtk-vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc 0.4.2 and older...

RHEL 7 : gtk-vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc before 0.7.0 does...

RHEL 6 : libxrandr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrandr: Insufficient validation of server responses result in various data mishandlings...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2024-2511)

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

RHEL 7 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: scp allows command injection when using backtick characters in the destination argument ...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)

The remote host is missing an update for the Huawei...

RHEL 6 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1783)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1795)

The remote host is missing an update for the Huawei...

RHEL 6 : libxi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Insufficient validation of server responses result in various data mishandlings (CVE-2016-7946) ...

Job For .local Domain Fails When Using Ubuntu-base VMware Backup Proxy

This issue occurs because .local is only intended for multicast DNS, and Ubuntu's default configuration prevents the use of .local for unicast DNS. As a result, the Ubuntu-based machine does not contact the network's DNS server when attempting to resolve .local...

RHEL 5 : privoxy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. privoxy: several use-after-free issues in list.c (CVE-2015-1031) privoxy: invalid read via empty host...

RHEL 5 : mutt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mutt: buffer overflow via base64 data (CVE-2018-14359) mutt_ssl.c in mutt 1.5.16 and other versions...

RHEL 5 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file ...

RHEL 6 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...

RHEL 6 : gtk-vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc 0.4.2 and older...

RHEL 6 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php-pear: Unsafe deserialization of data in Archive_Tar class (CVE-2018-1000888) PECL in the download...

RHEL 6 : libx11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) The XGetImage function in...

RHEL 7 : libxi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Insufficient validation of server responses result in various data mishandlings (CVE-2016-7946) ...

RHEL 7 : libxrandr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrandr: Insufficient validation of server responses result in various data mishandlings...

RHEL 7 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap: ACL restrictions bypass due to sasl_ssf value being set permanently (CVE-2019-13565) ...

RHEL 5 : libxcursor (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262) ...

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Mass Auto Scanner for CVE-2024-24919 This script is designed to...

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

TeamCity Server < 2023.5.6 XSS Vulnerability

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.5.6 It is, therefore, affected by a reflected XSS on the subscriptions page is possible Note that Nessus did not actually test for these issues, but instead...

nginx 1.1.x < 1.1.19 / 1.0.x < 1.0.15 A Buffer Overflow Vulnerability

According to its Sever response header, the installed version of nginx is 1.0.x prior to 1.0.15 or 1.1.x prior to 1.1.19. It is, therefore, affected by the following issue : Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3...

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_312.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-012 advisory. There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is.....

TeamCity Server Multiple Vulnerabilities (CVE-2024-36362 / CVE-2024-36365)

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2, prior to 2023.11.5, prior to 2023.5.6, prior to 2022.10.6, prior to 2022.04.7. It is, therefore, affected by multiple vulnerabilities: Path traversal...

TeamCity Server < 2024.3.2 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2 It is, therefore, affected by multiple vulnerabilities: Users can perform actions that should not be available to them based on their permissions...

Amazon Linux 2 : golang (ALAS-2024-2554)

The version of golang installed on the remote host is prior to 1.22.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2554 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities

Nginx is prone to multiple HTTP/3...

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....

CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....

CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....

CVE-2024-24919: Check Point Security Gateway Information Disclosure

On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a...

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term...

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....

CVE-2024-36020

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...