OMGF | Host Google Fonts Locally Security Vulnerabilities

CGA-5xfh-j46h-x23q

Bulletin has no...

CGA-qfjm-7vpv-9jgw

Bulletin has no...

CGA-p6hq-rr8r-gjcp

Bulletin has no...

BIT-kibana-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

BIT-elk-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

ClassGraph XML External Entity Reference

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

CVE-2024-4755

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-4755

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2021-47621

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

CVE-2024-4755 Google CSE <= 1.0.7 - Admin+ Stored XSS

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-4755 Google CSE <= 1.0.7 - Admin+ Stored XSS

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Exploit for CVE-2024-28397

Perkenalan 中文 `js2pyadalah paket python...

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM TCP/IP Connectivity Utilities for i [CVE-2024-31890].

Summary IBM i is vulnerable to a local user with command line access gaining elevated privilege due to a flaw in IBM TCP/IP Connectivity Utilities for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 CVE-2023-30253 PoC Description This is my...

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2106-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2106-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...

Fedora 39 : webkitgtk (2024-826bf5a09a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-826bf5a09a advisory. Update to 2.44.2: * Make gamepads visible on axis movements, and not only on button presses. * Disable the gst-libav AAC decoder. * Make user scripts and...

Ivanti Endpoint Manager < 2022 SU4 Privilege Escalation (SA-2023-06-20)

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a...

Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 / 3.7.x < 3.7.2.1 Privilege Escalation (2024-000005)

The version of Streamline NX Client installed on the remote host is prior to 3.4.3.2, 3.5.1.202, 3.6.2.2, or 3.7.2.1. It is, therefore, affected by a vulnerability as referenced in the 2024-000005 advisory. Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and...

Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 RCE (2024-000004)

The version of Streamline NX Client installed on the remote host is prior to 3.231.0, 3.4.3.2, 3.5.1.202 or 3.6.2.2. It is, therefore, affected by a vulnerability as referenced in the 2024-000004 advisory. Improper restriction of communication channel to intended endpoints issue exists in Ricoh...

FreeBSD : openvpn -- two security fixes (142c538e-b18f-40a1-afac-c479effadd5c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 142c538e-b18f-40a1-afac-c479effadd5c advisory. Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows):...

FreeBSD : chromium -- multiple security fixes (007e7e77-2f06-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 007e7e77-2f06-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 6 security fixes: Tenable has extracted the...

CentOS 7 : thunderbird (RHSA-2024:4016)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects...

Oracle Linux 9 : nghttp2 (ELSA-2024-3501)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Tenable has extracted the preceding description block directly from the Oracle Linux.....

RHEL 8 : thunderbird (RHSA-2024:4036)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

FreeBSD : qt5-webengine -- Multiple vulnerabilities (aa2b65e4-2f63-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the aa2b65e4-2f63-11ef-9cab-4ccc6adda413 advisory. Backports for 5 security bugs in Chromium: Tenable has extracted the preceding description...

Kibana 8.6.3 < 8.14 (ESA-2024-15)

The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...

SUSE: Security Advisory (SUSE-SU-2024:2106-1)

The remote host is missing an update for...

Streamline NX Client Installed (Windows)

Streamline NX Client is installed on the remote Windows...

Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)

According to MMSA-2024-00326, Mattermost Desktop App versions &lt;= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-2)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-2 advisory. - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5....

Oracle Linux 8 : thunderbird (ELSA-2024-4036)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4036 advisory. [115.12.1-1.0.1] - Add Oracle prefs file [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to...

(Pwn2Own) HP Color LaserJet Pro MFP 4301fdw CFF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro MFP 4301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of embedded fonts. The issue results...

Fedora 39 : chromium (2024-dd14eefb0e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dd14eefb0e advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...

Fedora 40 : chromium (2024-d2b54d5a9d)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d2b54d5a9d advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...

AlmaLinux 8 : thunderbird (ALSA-2024:4036)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4036 advisory. * thunderbird: Use-after-free in networking (CVE-2024-5702) * thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) * thunderbird:...

(Pwn2Own) Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can...

RHEL 8 : ovn-2021 (RHSA-2024:4035)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...

urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

Streamline NX Client Multiple Vulnerabilities (2024-000006, 2024-000007)

The version of Streamline NX Client installed on the remote host is prior to 3.2.1.19, 3.3.1.3, 3.3.2.201, 3.4.3.1, 3.5.1.201, 3.6.100.53, or 3.6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-000006 and 2024-000007 advisories. Use of potentially dangerous...

Ubuntu: Security Advisory (USN-6842-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:2108-1)

The remote host is missing an update for...

FreeBSD : qt6-webengine -- Multiple vulnerabilities (c5415838-2f52-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c5415838-2f52-11ef-9cab-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: Tenable has...

Mageia: Security Advisory (MGASA-2024-0230)

The remote host is missing an update for...

SUSE SLES12 Security Update : hdf5 (SUSE-SU-2024:2105-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2105-1 advisory. - Fix various security issues in hdf5 (bsc#1224158): CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2107-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2107-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...

Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

Mattermost Desktop Installed (macOS)

Mattermost Desktop is installed on the remote macOS...

CVE-2024-38361

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. If the resource exists under multiple...