Mate 9, P9 Security Vulnerabilities

cbl_mariner

CVE-2019-12280 affecting package toolbox 0.0.18-9

CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

7.2 AI Score

0.002 EPSS

2024-06-01 09:07 PM
7
cbl_mariner

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

7 AI Score

0.001 EPSS

2024-06-01 09:07 PM
29
cbl_mariner

CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5

CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

7.2 AI Score

0.007 EPSS

2024-06-01 09:07 PM
102
cbl_mariner

CVE-2020-25207 affecting package toolbox 0.0.18-9

CVE-2020-25207 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

7.2 AI Score

0.024 EPSS

2024-06-01 09:07 PM
7
cbl_mariner

CVE-2019-18368 affecting package toolbox 0.0.18-9

CVE-2019-18368 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

7.2 AI Score

0.001 EPSS

2024-06-01 09:07 PM
cbl_mariner

CVE-2020-25013 affecting package toolbox 0.0.18-9

CVE-2020-25013 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

7.2 AI Score

0.001 EPSS

2024-06-01 09:07 PM
cbl_mariner

CVE-2019-14959 affecting package toolbox 0.0.18-9

CVE-2019-14959 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

7.2 AI Score

0.002 EPSS

2024-06-01 09:07 PM
cbl_mariner

CVE-2020-8563 affecting package kubernetes-1.18.17 1.18.17-9

CVE-2020-8563 affecting package kubernetes-1.18.17 1.18.17-9. No patch is available...

7.5 AI Score

0.0005 EPSS

2024-06-01 09:07 PM
cbl_mariner

CVE-2021-25741 affecting package kubernetes-1.20.7 1.20.7-9

CVE-2021-25741 affecting package kubernetes-1.20.7 1.20.7-9. No patch is available...

8.9 AI Score

2024-06-01 09:07 PM
1
cbl_mariner

CVE-2020-15945 affecting package lua 5.3.5-9

CVE-2020-15945 affecting package lua 5.3.5-9. This CVE either no longer is or was never...

9.7 AI Score

0.0004 EPSS

2024-06-01 09:07 PM
cbl_mariner

CVE-2022-33099 affecting package lua 5.3.5-9

CVE-2022-33099 affecting package lua 5.3.5-9. This CVE either no longer is or was never...

9.9 AI Score

0.004 EPSS

2024-06-01 09:07 PM
1
cbl_mariner

CVE-2022-1941 affecting package grpc 1.35.0-9

CVE-2022-1941 affecting package grpc 1.35.0-9. No patch is available...

9.9 AI Score

0.002 EPSS

2024-06-01 09:07 PM
1
cbl_mariner

CVE-2022-3857 affecting package syslinux 6.04-9

CVE-2022-3857 affecting package syslinux 6.04-9. No patch is available...

7.5 AI Score

0.001 EPSS

2024-06-01 09:07 PM
2
cbl_mariner

CVE-2022-4904 affecting package grpc 1.35.0-9

CVE-2022-4904 affecting package grpc 1.35.0-9. No patch is available...

9.5 AI Score

0.001 EPSS

2024-06-01 09:07 PM
1
cbl_mariner

CVE-2023-39325 affecting package coredns for versions less than 1.9.3-9

CVE-2023-39325 affecting package coredns for versions less than 1.9.3-9. A patched version of the package is...

7.8 AI Score

0.002 EPSS

2024-06-01 09:07 PM
cbl_mariner

CVE-2023-44487 affecting package kubevirt for versions less than 0.59.0-9

CVE-2023-44487 affecting package kubevirt for versions less than 0.59.0-9. A patched version of the package is...

8.2 AI Score

0.72 EPSS

2024-06-01 09:07 PM
2
nessus

Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...

7.3 AI Score

2024-06-01 12:00 AM
1
nessus

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...

8 AI Score

2024-06-01 12:00 AM
1
mageia

Updated netatalk packages fix security vulnerability

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary...

7.1 AI Score

0.007 EPSS

2024-05-31 06:15 PM
1
mageia

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent checking DSA keys and parameters. (CVE-2024-4603) Use After Free with SSL_free_buffers....

7.1 AI Score

0.0004 EPSS

2024-05-31 06:15 PM
2
mageia

Updated python-jinja2 packages fix security vulnerabilities

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS)...

6.3 AI Score

0.001 EPSS

2024-05-31 06:15 PM
4
cvelist

CVE-2023-38551

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting...

6.5 AI Score

2024-05-31 05:38 PM
1
oraclelinux

python39:3.9 and python39-devel:3.9 security update

mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography...

7.2 AI Score

0.0005 EPSS

2024-05-31 12:00 AM
nessus

Oracle Linux 8 : glibc (ELSA-2024-3344)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3344 advisory. [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...

6.6 AI Score

2024-05-31 12:00 AM
osv

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running....

6.5 AI Score

2024-05-30 09:15 PM
cve

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:...

7.4 AI Score

2024-05-30 04:15 PM
10
debiancve

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ...

6.6 AI Score

2024-05-30 04:15 PM
1
cvelist

CVE-2024-36933 nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:...

7.2 AI Score

2024-05-30 03:29 PM
1
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

9.2 AI Score

0.001 EPSS

2024-05-30 03:23 PM
5
redhat

(RHSA-2024:3513) Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

7.7 AI Score

0.0004 EPSS

2024-05-30 02:18 PM
3
redhat

(RHSA-2024:3501) Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.2 AI Score

0.0004 EPSS

2024-05-30 12:07 PM
5
talosblog

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...

7.8 AI Score

2024-05-30 12:01 PM
3
redhat

(RHSA-2024:3486) Moderate: gdisk security update

The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master....

7.3 AI Score

0.001 EPSS

2024-05-30 05:36 AM
1
nessus

Oracle Linux 9 : less (ELSA-2024-3513)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3513 advisory. [590-4] - Fix CVE-2024-32487 - Resolves: RHEL-33773 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note.....

6.3 AI Score

2024-05-30 12:00 AM
nessus

Oracle Linux 8 : grafana (ELSA-2024-3265)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3265 advisory. [9.2.10-16] - Check OrdID is correct before deleting snapshot - fix CVE-2024-1313 - fix CVE-2024-1394 Tenable has extracted the preceding description...

7.3 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1762)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

7.6 AI Score

2024-05-30 12:00 AM
nessus

RHEL 9 : less (RHSA-2024:3513)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3513 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does...

7 AI Score

2024-05-30 12:00 AM
1
nessus

Oracle Linux 8 : git-lfs (ELSA-2024-3346)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3346 advisory. [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves:...

7 AI Score

2024-05-30 12:00 AM
1
nessus

RHEL 8 : OpenShift Container Platform 4.12.58 (RHSA-2024:3351)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3351 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

7 AI Score

2024-05-30 12:00 AM
1
ubuntucve

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ...

7 AI Score

2024-05-30 12:00 AM
2
osv

Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

6.5 AI Score

0.0004 EPSS

2024-05-30 12:00 AM
1
oraclelinux

less security update

[590-4] - Fix CVE-2024-32487 - Resolves:...

6.6 AI Score

0.0004 EPSS

2024-05-30 12:00 AM
1
openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1759)

The remote host is missing an update for the Huawei...

6.9 AI Score

0.001 EPSS

2024-05-30 12:00 AM
nessus

Oracle Linux 8 : glibc (ELSA-2024-3269)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3269 advisory. [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <[email protected]> Tenable has extracted the...

6.3 AI Score

2024-05-30 12:00 AM
nessus

AlmaLinux 9 : less (ALSA-2024:3513)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3513 advisory. * less: OS command injection (CVE-2024-32487) Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus.....

7.5 AI Score

2024-05-30 12:00 AM
nessus

AlmaLinux 9 : nghttp2 (ALSA-2024:3501)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3501 advisory. * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...

6.8 AI Score

2024-05-30 12:00 AM
nessus

RHEL 8 : gdisk (RHSA-2024:3486)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory. The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line...

7.2 AI Score

2024-05-30 12:00 AM
nessus

Fedora 39 : chromium (2024-151b368efb)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-151b368efb advisory. update to 125.0.6422.112 * High CVE-2024-5274: Type Confusion in V8 Tenable has extracted the preceding description block directly from the Fedora...

6.5 AI Score

2024-05-30 12:00 AM
nessus

Oracle Linux 8 : .NET / 8.0 (ELSA-2024-3345)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3345 advisory. [8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves: RHEL-35316 Tenable has extracted...

7.5 AI Score

2024-05-30 12:00 AM
nessus

Fedora 40 : thunderbird (2024-7ade906120)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7ade906120 advisory. Update to 115.11.0 * https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/ *...

7.7 AI Score

2024-05-30 12:00 AM

Total number of security vulnerabilities: 257367