Newsletter – Send Awesome Emails From WordPress Security Vulnerabilities

EulerOS 2.0 SP11 : glusterfs (EulerOS-SA-2024-1812)

According to the versions of the glusterfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use- after-free.(CVE-2022-48340) Tenable...

RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...

Rockwell Automation ThinManager ThinServer Improper Input Validation (CVE-2024-5990)

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.4, 13.1.x prior to 13.1.2. It is therefore, affected by an improper input validation...

EulerOS 2.0 SP11 : expat (EulerOS-SA-2024-1810)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-1822)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...

AlmaLinux 8 : git (ALSA-2024:4084)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4084 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in...

Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1827)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1834)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1846)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1836)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:2180-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1813)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1810)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1842)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1843)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2024-1826)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1845)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1849)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libyaml (EulerOS-SA-2024-1838)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1819)

The remote host is missing an update for the Huawei...

Aimeos HTML client may potentially reveal sensitive information in error log

Debug information can reveal sensitive information from environment variables in error...

RHEL 9 : git (RHSA-2024:4083)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4083 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilites

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.5, 13.1.x prior to 13.1.3 or 13.2.x prior to 13.2.2. It is therefore, affected by mutliple.....

CVE-2024-36819

MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...

EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1818)

According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...

RHEL 8 : kpatch-patch (RHSA-2024:4075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4075 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2024-1832)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

EulerOS 2.0 SP11 : python-pillow (EulerOS-SA-2024-1845)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219) Tenable...

EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2024-1841)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...

RHEL 9 : python3.9 (RHSA-2024:4078)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4078 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API

Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting (XSS)...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1842)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1823)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1811)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1840)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1815)

The remote host is missing an update for the Huawei...

Ubuntu: Security Advisory (USN-6844-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1832)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1848)

The remote host is missing an update for the Huawei...

Mageia: Security Advisory (MGASA-2024-0235)

The remote host is missing an update for...

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

EulerOS 2.0 SP11 : libyaml (EulerOS-SA-2024-1838)

According to the versions of the libyaml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function...

EulerOS 2.0 SP11 : python-pillow (EulerOS-SA-2024-1824)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219) Tenable...