IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500 Security Vulnerabilities

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

CVE-2024-5663 Cards for Beaver Builder <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

CVE-2024-5663 Cards for Beaver Builder <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1950-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1950-1 advisory. Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in...

SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...

SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Tenable has extracted the preceding description block directly from.....

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1945-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1945-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...

zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...

zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...

linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

Metasploit Weekly Wrap-Up 06/07/2024

New OSX payloads:ARMed and Dangerous In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...

TYPO3 Cross-Site Scripting in Filelist Module

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...

TYPO3 Cross-Site Scripting in Filelist Module

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13631 DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code...

PHP CGI Argument Injection Remote Code Execution

This module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD)....

CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level...

Fedora: Security Advisory for fcitx5-qt (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtwayland (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtmqtt (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtquickcontrols (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtx11extras (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtquickcontrols2 (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtwayland (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtscxml (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtscxml (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtshadertools (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtdatavis3d (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

ruby:3.3 security, bug fix, and enhancement update

ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability...

Fedora: Security Advisory for qt6-qtremoteobjects (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtwebchannel (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtcharts (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for fcitx5-qt (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtdoc (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qttranslations (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtwebsockets (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtimageformats (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtxmlpatterns (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtgraphs (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtspeech (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtimageformats (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtspeech (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtdatavis3d (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtcharts (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...