Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3 Security Vulnerabilities

OpenSSL UAF Vulnerability (20240528) - Windows

OpenSSL is prone to a use after free (UAF)...

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...

Oracle Linux 8 : python-dns (ELSA-2024-3275)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3275 advisory. [1.15.0-12] - Security fix for CVE-2023-29483 Resolves: RHEL-32630 Tenable has extracted the preceding description block directly from the Oracle Linux...

TeamCity Server < 2023.11.0 Restore From Backup XSS

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.0. It is, therefore, affected by Cross Side Scripting Vulnerability during a Restore from Backup. Note that Nessus did not actually test for these issues,...

ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...

EulerOS Virtualization 2.11.0 : libuv (EulerOS-SA-2024-1728)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...

EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-1722)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...

Progress Software Telerik Reporting ValidateMetadaUri XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

xorg-x11-server-Xwayland security update

[21.1.3-16] - CVE fix for: CVE-2024-31080, CVE-2024-31081,...

bind and dhcp security update

bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-50] - Rebuild...

EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2024-1733)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2...

krb5 security update

[1.18.2-27.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.18.2-27] - Fix memory leak in GSSAPI interface Resolves: RHEL-27250 - Fix memory leak in PMAP RPC interface Resolves: RHEL-27244 - Make TCP waiting time configurable Resolves:...

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

Oracle Linux 8 : .NET / 7.0 (ELSA-2024-3340)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3340 advisory. [7.0.119-1.0.1] - Add support for Oracle Linux [7.0.119-1] - Update to .NET SDK 7.0.119 and Runtime 7.0.19 - Resolves: RHEL-35313 [7.0.118-2] - Update...

JVN#22182715: Redmine DMSF Plugin vulnerable to path traversal

Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability (CWE-22). ## Impact When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process). ##...

Security Bulletin: Triton Inference Server - May 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

tigervnc security update

[1.13.1-10] - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 [1.13.1-9] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-30755 - Fix...

Oracle Linux 8 : bind / and / dhcp (ELSA-2024-3271)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3271 advisory. bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC...

FreeBSD : OpenSSL -- Use after free vulnerability (73a697d7-1d0f-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 73a697d7-1d0f-11ef-a490-84a93843eb75 advisory. The OpenSSL project reports: Use After Free with SSL_free_buffers (low). Calling the OpenSSL API...

RHEL 7 : rh-nodejs14 (RHSA-2024:3472)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3472 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...

idm:DL1 and idm:client security update

bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust intfo cache when filtering out realm domains Resolves: RHEL-28559 - Backport latests test fixes in python3-tests ipatests: add xfail for...

CVE-2024-3657

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of...

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....

2024-05 .NET 6.0.31 Security Update for x64 Server (KB5039843)

2024-05 .NET 6.0.31 Security Update for x64 Server...

2024-05 .NET 8.0.6 Security Update for x64 Server (KB5039845)

2024-05 .NET 8.0.6 Security Update for x64 Server...

2024-05 .NET 7.0.20 Security Update for x64 Server (KB5039844)

2024-05 .NET 7.0.20 Security Update for x64 Server...

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

pcTattletale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service (CVE-2024-25062). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details ** CVEID: CVE-2024-25062 DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a...

Security Bulletin: WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to...

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified...

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to....

CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407

TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

CVE-2024-30164

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...

CVE-2024-35563

CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in...

CVE-2024-26024 SUBNET Substation Server Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

Kaminari Insecure File Permissions Vulnerability

A moderate severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability, affected versions, and provides guidance for mitigation. Impact This vulnerability is of moderate...