Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3 Security Vulnerabilities

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-2962)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2962 advisory. hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream...

Oracle Linux 8 : qt5-qtbase (ELSA-2024-3056)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3056 advisory. [5.15.3-7] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25725 [5.15.3-6] - Fix incorrect integer...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix ...

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type...

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2024-632)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-632 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...

Oracle Linux 8 : freeglut (ELSA-2024-3120)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3120 advisory. [3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves:...

Siemens CP-XXXX Series Exposed Serial Shell

...

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-2996)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2996 advisory. [21.1.3-15] Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 [21.1.3-14] - Fix for...

MariaDB 11.4.0 < 11.4.2

The version of MariaDB installed on the remote host is prior to 11.4.2. It is, therefore, affected by a vulnerability as referenced in the mariadb-1142-release-notes advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are...

Oracle Linux 8 : webkit2gtk3 (ELSA-2024-2982)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2982 advisory. [2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3961 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3961 Resolves: RHEL-19365 [2.42.3-1]...

Oracle Linux 8 : Image / builder / components (ELSA-2024-2961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2961 advisory. osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit...

Oracle Linux 8 : idm:DL1 (ELSA-2024-3044)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3044 advisory. bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves:...

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

Oracle Linux 8 : frr (ELSA-2024-2981)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2981 advisory. [7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out.....

Oracle Linux 8 : zziplib (ELSA-2024-3127)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3127 advisory. [0.13.68-13] - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 [0.13.68-12] - Add the gating tests from the 8.8.0...

Oracle Linux 8 : linux-firmware (ELSA-2024-3178)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3178 advisory. [20240415-999.32.git5da74b16.el8] - Rebase to latest upstream [Orabug: 36482906] Tenable has extracted the preceding description block directly from...

Oracle Linux 8 : libsndfile (ELSA-2024-3030)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3030 advisory. [1.0.28-14] - fix integer overflows causing CVE-2022-33065 (#RHEL-3750) Tenable has extracted the preceding description block directly from the Oracle Linux...

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

libigl readOFF stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1784 libigl readOFF stack-based buffer overflow vulnerabilities May 28, 2024 CVE Number CVE-2023-35950,CVE-2023-35953,CVE-2023-35952,CVE-2023-35951,CVE-2023-35949 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp...

Oracle Linux 8 : libXpm (ELSA-2024-2974)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2974 advisory. [3.5.12-11] - Drop hardening patches from previous version to keep ABI compatibility [3.5.12-10] - CVE-2023-43786 libX11: stack exhaustion from...

Oracle Linux 8 : pmix (ELSA-2024-3008)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3008 advisory. [2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves: RHEL-3692 Tenable has extracted the preceding description block...

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

...

Oracle Linux 8 : xorg-x11-server (ELSA-2024-2995)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2995 advisory. [1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-21] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885,...

Oracle Linux 8 : gstreamer1-plugins-good (ELSA-2024-3089)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3089 advisory. [1.16.1-4] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19469 Tenable has extracted the...

Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2024-3061)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3061 advisory. apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent [49-1] - Rebase to upstream version 49 ...

Oracle Linux 8 : poppler (ELSA-2024-2979)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2979 advisory. [21.01.0-11] - Fix crashes in FoFiType1C - Rebuild for inclusion of poppler-glib-doc in CRB - Resolves: RHEL-4255, RHEL-4273 [21.01.0-10] - Check XRef's Catalog.....

RHEL 9 : rpm-ostree (RHSA-2024:3401)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3401 advisory. The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be...

Oracle Linux 8 : fence-agents (ELSA-2024-2968)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2968 advisory. [4.2.1-129] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 -...

Oracle Linux 8 : tigervnc (ELSA-2024-3067)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3067 advisory. [1.13.1-8] - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20530 [1.13.1-7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer...

Oracle Linux 8 : python-jinja2 (ELSA-2024-3102)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3102 advisory. [2.10.1-4] - Security fix for CVE-2024-22195 Resolves: RHEL-21347 [2.10.1-3] - Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern Resolves:...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2024:1788-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1788-1 advisory. - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). - CVE-2024-24795: Fixed...

Oracle Linux 8 : python3.11 (ELSA-2024-3062)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3062 advisory. [3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for...

Oracle Linux 8 : gmp (ELSA-2024-3214)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3214 advisory. [1:6.1.2-11] - Fix: CVE-2021-43618 Resolves: RHEL-23055 Tenable has extracted the preceding description block directly from the Oracle Linux security...

SUSE: Security Advisory (SUSE-SU-2024:1788-1)

The remote host is missing an update for...

Oracle Linux 8 : edk2 (ELSA-2024-3017)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3017 advisory. [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] -...

Oracle Linux 8 : perl-CPAN (ELSA-2024-3094)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3094 advisory. [2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-631)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-631 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...

Oracle Linux 8 : python-pillow (ELSA-2024-3005)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3005 advisory. [5.1.1-20] - Security fix for CVE-2023-50447 Resolves: RHEL-22240 [5.1.1-19] - Security fix for CVE-2023-44271 Resolves: RHEL-15460 Tenable has...

Oracle Linux 8 : squashfs-tools (ELSA-2024-3139)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3139 advisory. [4.3-21] - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated...

Oracle Linux 8 : python3.11-cryptography (ELSA-2024-3105)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3105 advisory. [37.0.2-6] - Security fix for CVE-2023-49083 - Resolves: RHEL-19831 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. [1.16.1-4.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-4] - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow -...

Oracle Linux 8 : perl-Convert-ASN1 (ELSA-2024-3049)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3049 advisory. [0.27-18] - Fix unsafe decoding in indef case (CVE-2013-7488) Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 8 : vorbis-tools (ELSA-2024-3095)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3095 advisory. [1:1.4.0-29] - fix out-of-bounds read in oggenc (CVE-2023-43361) Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 8 : exempi (ELSA-2024-3066)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3066 advisory. [2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves: RHEL-5415 Tenable has extracted the preceding...

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

Exploit for CVE-2024-5084

🚀 HashForm Exploit Script This script demonstrates the...

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

CVE-2024-35181

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

CVE-2024-35181

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...