Newsletter – Send Awesome Emails From WordPress Security Vulnerabilities

Rocky Linux 9 : libreoffice (RLSA-2024:3835)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...

Rocky Linux 8 : kernel-rt (RLSA-2024:2950)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...

Ubuntu: Security Advisory (USN-6832-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6833-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6834-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0218)

The remote host is missing an update for...

Apple TV < 16.3 Multiple Vulnerabilities (HT213601)

According to its banner, the version of Apple TV on the remote device is prior to 16.3. It is therefore affected by multiple vulnerabilities as described in the...

Oracle Linux 8 : ruby:3.1 (ELSA-2024-3546)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3546 advisory. ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE...

AlmaLinux 9 : 389-ds-base (ALSA-2024:3837)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3837 advisory. * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause...

Rocky Linux 8 : python3.11-urllib3 (RLSA-2024:2986)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:2986 advisory. * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) Tenable has extracted the preceding description block...

tagDiv Composer < 4.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

Boelter Blue System Management 1.3 - SQL Injection

...

Fedora 39 : chromium (2024-86e4115138)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-86e4115138 advisory. update to 126.0.6478.55 * High CVE-2024-5830: Type Confusion in V8 * High CVE-2024-5831: Use after free in Dawn * High CVE-2024-5832: Use...

SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2024:1673-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-2 advisory. - Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816) - Use snprintf instead of sprintf (bsc#1188574,....

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2024:2028-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2028-1 advisory. - CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233) Tenable has extracted the...

How to Exclude Applications from Dashboard & Compliance Reporting

This article provides steps to exclude system namespaces from the Veeam Kasten for Kubernetes dashboard and compliance...

Mageia: Security Advisory (MGASA-2024-0217)

The remote host is missing an update for...

Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters.....

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3253 advisory. * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) Tenable has extracted the preceding description block directly from the.....

Rocky Linux 8 : kernel-rt (RLSA-2024:3627)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

Rocky Linux 9 : .NET 7.0 (RLSA-2024:2843)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2843 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

AlmaLinux 9 : rpm-ostree (ALSA-2024:3823)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3823 advisory. * rpm-ostree: world-readable /etc/shadow file [9.4.z] (JIRA:AlmaLinux-31852) Tenable has extracted the preceding description block directly from the AlmaLinux...

Rocky Linux 8 : glibc (RLSA-2024:3344)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3344 advisory. * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion ...

Rocky Linux 9 : ruby:3.1 (RLSA-2024:3668)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3668 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...

Rocky Linux 8 : exempi (RLSA-2024:3066)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3066 advisory. * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp...

Rocky Linux 8 : LibRaw (RLSA-2024:2994)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2994 advisory. * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) Tenable has extracted the preceding...

Rocky Linux 8 : python-pillow (RLSA-2024:3005)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3005 advisory. * python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271) Tenable has...

Rocky Linux 8 : idm:DL1 (RLSA-2024:3755)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3755 advisory. * CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * CVE-2024-3183 freeipa:...

AlmaLinux 9 : gdk-pixbuf2 (ALSA-2024:3834)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3834 advisory. * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) Tenable has extracted the preceding description block directly from the AlmaLinux security...

Rocky Linux 9 : nghttp2 (RLSA-2024:3501)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3501 advisory. * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note...

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:3466)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...

Rocky Linux 8 : squashfs-tools (RLSA-2024:3139)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3139 advisory. * squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) * squashfs-tools: possible Directory Traversal via...

Rocky Linux 8 : ruby:3.1 (RLSA-2024:3546)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3546 advisory. * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby:...

Rocky Linux 9 : glibc (RLSA-2024:3339)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

Rocky Linux 8 : gstreamer1-plugins-good (RLSA-2024:3089)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3089 advisory. * gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) Tenable has extracted the preceding...

Fortinet FortiClient (FG-IR-22-059) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

Fortinet FortiClient (FG-IR-22-235) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0,...

Rocky Linux 8 : tomcat (RLSA-2024:3666)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3666 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...

Cisco Adaptive Security Appliance Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

AlmaLinux 9 : c-ares (ALSA-2024:3842)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3842 advisory. * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) Tenable has extracted the preceding description block directly from the AlmaLinux security...

GitLab 16.10.0 < 16.10.6 / 16.11.0 < 16.11.3 (CVE-2024-5469)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. (CVE-2024-5469) Note that...

Rocky Linux 8 : pki-core:10.6 and pki-deps:10.6 (RLSA-2024:3061)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3061 advisory. * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Tenable has extracted the preceding description block directly from...

Rocky Linux 8 : webkit2gtk3 (RLSA-2024:2982)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2982 advisory. * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code.....

Rocky Linux 9 : 389-ds-base (RLSA-2024:3837)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3837 advisory. * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause.....

Rocky Linux 9 : podman (RLSA-2024:3826)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....

PHP &lt; 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

...

Fedora 40 : cyrus-imapd (2024-f3e0255c75)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f3e0255c75 advisory. - Security fix for CVE-2024-34055 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus.....

Rocky Linux 8 : kernel update (Moderate) (RLSA-2024:3618)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

Rocky Linux 9 : tomcat (RLSA-2024:3307)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3307 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...