HPE Superdome Flex Servers; HPE Superdome Flex 280 Servers Security Vulnerabilities

nessus

RHEL 6 : dnsmasq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dnsmasq: fixed outgoing port used when --server is used with an interface name (CVE-2021-3448) A...

5.4 AI Score

0.012 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 7 : c-ares (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. c-ares: Single byte out of buffer write (CVE-2016-5180) The c-ares function ares_parse_naptr_reply(),...

6.7 AI Score

0.045 EPSS

2024-05-11 12:00 AM
5
nessus

RHEL 7 : irssi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. irssi: heap buffer overflow due to calculation error in the completion code (CVE-2018-5208) The buf.pl...

8.2 AI Score

0.011 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) An existing mitigation of...

5.9 AI Score

0.102 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 5 : libx11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) The XGetImage function in...

8.5 AI Score

0.066 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : libx11 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: missing request length checks (CVE-2021-31535) The XGetImage function in X.org libX11 before...

10 AI Score

EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 7 : libxrender (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...

10 AI Score

0.014 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 5 : flex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. flex: Recursive calls in the function mark_beginning_as_normal resulting in a denial of service (CVE-2019-6293) ...

5.6 AI Score

0.001 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 7 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: STARTTLS session encryption bypassing (CVE-2021-39272) report_vbuild in report.c in Fetchmail...

7.9 AI Score

0.005 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 5 : mutt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mutt: buffer overflow via base64 data (CVE-2018-14359) An issue was discovered in Mutt before 1.10.1 and...

7.8 AI Score

0.013 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 6 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

9.2 AI Score

0.895 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : oracle_jdk (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783) ...

6.6 AI Score

0.004 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 7 : netkit-rsh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. netkit-rsh: possible overwrite of arbitrary files by a malicious rsh server (CVE-2019-7283) In NetKit...

6.7 AI Score

0.005 EPSS

2024-05-11 12:00 AM
5
nessus

RHEL 6 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: scp allows command...

8.4 AI Score

0.102 EPSS

2024-05-11 12:00 AM
10
nessus

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

9.7 AI Score

0.38 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 7 : openjdk (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) OpenJDK: integer truncation issue...

7.5 AI Score

0.002 EPSS

2024-05-11 12:00 AM
9
nessus

RHEL 7 : gtk-vnc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gtk-vnc: Integer overflow when processing SetColorMapEntries (CVE-2017-5885) gtk-vnc before 0.7.0 does...

9.5 AI Score

0.005 EPSS

2024-05-11 12:00 AM
4
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7 AI Score

EPSS

2024-05-11 12:00 AM
46
nessus

RHEL 7 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: svnserve/sasl may authenticate users using the wrong realm (CVE-2016-2167) The...

7.2 AI Score

0.084 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 7 : flex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. flex: buffer overflow in generated code (yy_get_next_buffer) (CVE-2016-6354) Note that Nessus has not tested for...

9.8 AI Score

0.007 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : irssi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. irssi: heap buffer overflow due to calculation error in the completion code (CVE-2018-5208) The buf.pl...

8.1 AI Score

0.011 EPSS

2024-05-11 12:00 AM
3
nessus

RHEL 6 : mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) (CVE-2016-3477) mysql:...

9.5 AI Score

0.118 EPSS

2024-05-11 12:00 AM
2
nessus

RHEL 6 : perl-dbd-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...

7.7 AI Score

0.019 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 5 : perl-dbd-mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close() (CVE-2017-10788) ...

8.1 AI Score

0.019 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 6 : fetchmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: STARTTLS session encryption bypassing (CVE-2021-39272) report_vbuild in report.c in Fetchmail...

7.9 AI Score

0.005 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) Kernel:...

7 AI Score

0.013 EPSS

2024-05-11 12:00 AM
12
nessus

RHEL 7 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvncserver: Multiple heap out-of-bound writes in VNC client code (Incomplete fix for CVE-2018-20019) ...

9.8 AI Score

0.143 EPSS

2024-05-11 12:00 AM
1
nessus

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: arbitrary command execution via VCS path (CVE-2018-7187) golang: Command-line arguments may...

10 AI Score

0.379 EPSS

2024-05-11 12:00 AM
7
nessus

RHEL 6 : python-requests (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) ...

7.5 AI Score

0.005 EPSS

2024-05-11 12:00 AM
nessus

RHEL 5 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code ...

9.6 AI Score

0.957 EPSS

2024-05-11 12:00 AM
2
rapid7blog

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's...

7.8 AI Score

2024-05-10 05:31 PM
27
osv

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8 CVSS

7.4 AI Score

0.0005 EPSS

2024-05-10 02:32 PM
9
rocky

tigervnc security update

An update is available for tigervnc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...

7.8 CVSS

7.4 AI Score

0.0005 EPSS

2024-05-10 02:32 PM
9
rocky

mod_http2 security update

An update is available for mod_http2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on...

7.5 CVSS

7.2 AI Score

0.005 EPSS

2024-05-10 02:32 PM
12
osv

Moderate: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

7.5 CVSS

7.6 AI Score

0.005 EPSS

2024-05-10 02:32 PM
9
rocky

varnish security update

An update is available for varnish. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a high-performance HTTP accelerator. It stores web pages in....

7.2 AI Score

0.0004 EPSS

2024-05-10 02:32 PM
6
osv

Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish: HTTP/2 Broken Window Attack may result in denial of service...

6.3 AI Score

0.0004 EPSS

2024-05-10 02:32 PM
3
malwarebytes

Dell notifies customers about data breach

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer...

7.5 AI Score

2024-05-10 02:04 PM
9
openvas

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1585)

The remote host is missing an update for the Huawei...

8.7 CVSS

7.9 AI Score

0.024 EPSS

2024-05-10 12:00 AM
8
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1567)

The remote host is missing an update for the Huawei...

7.5 AI Score

0.0004 EPSS

2024-05-10 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1589)

The remote host is missing an update for the Huawei...

7.5 AI Score

0.0004 EPSS

2024-05-10 12:00 AM
9
openvas

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1563)

The remote host is missing an update for the Huawei...

8.7 CVSS

7.9 AI Score

0.024 EPSS

2024-05-10 12:00 AM
7
amazon

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

3.7 CVSS

5.8 AI Score

0.001 EPSS

2024-05-09 07:16 PM
11
amazon

Medium: edk2

Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem.....

7 AI Score

0.0004 EPSS

2024-05-09 07:16 PM
5
amazon

Medium: freerdp

Issue Overview: 2024-06-06: CVE-2024-32660 was added to this advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2024-05-09 07:16 PM
6
securelist

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....

7.7 AI Score

2024-05-09 10:00 AM
20
fedora

[SECURITY] Fedora 39 Update: freerdp-2.11.7-1.fc39

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8 CVSS

9 AI Score

0.0004 EPSS

2024-05-09 02:05 AM
3
fedora

[SECURITY] Fedora 38 Update: freerdp-2.11.7-1.fc38

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8 CVSS

9 AI Score

0.0004 EPSS

2024-05-09 01:49 AM
3
fedora

[SECURITY] Fedora 40 Update: freerdp2-2.11.7-1.fc40

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8 CVSS

9 AI Score

0.0004 EPSS

2024-05-09 01:41 AM
5
fedora

[SECURITY] Fedora 40 Update: freerdp-3.5.1-1.fc40

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8 CVSS

9 AI Score

0.0004 EPSS

2024-05-09 01:41 AM
5
Total number of security vulnerabilities: 71553