OMICARD EDM 's SMS Security Vulnerabilities

Security Bulletin: IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code due to XMLUnit (CVE-2024-31573)

Summary IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code when XMLUnit is used to transform data with a stylesheet from an untrusted source. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-31573 ...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4067 DESCRIPTION: **Node.js micromatch module is vulnerable to a...

Security Bulletin: An unspecified vulnerability in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise (CVE-2024-21012)

Summary An unspecified vulnerability in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-21012 DESCRIPTION: **An unspecified vulnerability in Java SE related to the.....

Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-27982 ...

Rocky Linux 9 : gvisor-tap-vsock (RLSA-2024:3830)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3830 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) Tenable has extracted the preceding description block directly from the...

Rocky Linux 8 : firefox (RLSA-2024:3783)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3783 advisory. * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) *...

Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Linux

Google Chrome is prone to an unspecified ...

Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Windows

Google Chrome is prone to an unspecified ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:2020-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2020-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the...

SUSE SLES15 / openSUSE 15 Security Update : python-pymongo (SUSE-SU-2024:1571-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1571-2 advisory. - CVE-2024-21506: Fixed out-of-bounds read in the BSON module (bsc#1222492) Tenable has extracted the preceding description block directly.....

Rocky Linux 9 : thunderbird (RLSA-2024:2888)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2888 advisory. * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) *...

AlmaLinux 9 : containernetworking-plugins (ALSA-2024:3831)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3831 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) Tenable has extracted the preceding description block directly from the...

Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Mac OS X

Google Chrome is prone to an unspecified ...

Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Windows

Google Chrome is prone to a stack-based buffer overflow...

AlmaLinux 9 : libreoffice (ALSA-2024:3835)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...

SUSE: Security Advisory (SUSE-SU-2024:2030-1)

The remote host is missing an update for...

Rocky Linux 8 : kernel (RLSA-2024:3138)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s),...

Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

AlmaLinux 9 : podman (ALSA-2024:3826)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....

Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Linux

Google Chrome is prone to a stack-based buffer overflow...

SUSE SLES12 Security Update : php8 (SUSE-SU-2024:2027-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2027-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the...

Fortinet FortiClient (FG-IR-23-274)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-274 advisory. A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack...

Boelter Blue System Management 1.3 - SQL Injection Vulnerability

...

Ubuntu: Security Advisory (USN-6832-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6833-1)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0218)

The remote host is missing an update for...

Rocky Linux 9 : libreoffice (RLSA-2024:3835)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:3259)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3259 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...

Ubuntu: Security Advisory (USN-6834-1)

The remote host is missing an update for...

AlmaLinux 9 : gvisor-tap-vsock (ALSA-2024:3830)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3830 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) Tenable has extracted the preceding description block directly from the...

Fedora 40 : chromium (2024-5acee8c47f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5acee8c47f advisory. update to 126.0.6478.55 * High CVE-2024-5830: Type Confusion in V8 * High CVE-2024-5831: Use after free in Dawn * High CVE-2024-5832: Use...

Rocky Linux 8 : kernel-rt (RLSA-2024:2950)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...

Boelter Blue System Management 1.3 - SQL Injection

...

PHP < 8.3.8 - Unauthenticated Remote Code Execution (Windows) Exploit

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft...

RICOH Printers Improper Authentication Vulnerability (Mar 2024)

Multiple RICOH printers and multifunction printers are prone to an improper authentication...

Fortinet FortiClient (FG-IR-22-299)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-299 advisory. A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 -...

Fortinet FortiClient (FG-IR-22-235) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0,...

Cisco Adaptive Security Appliance Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

Rocky Linux 9 : podman (RLSA-2024:3826)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods....

Mageia: Security Advisory (MGASA-2024-0217)

The remote host is missing an update for...

Rocky Linux 8 : webkit2gtk3 (RLSA-2024:2982)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2982 advisory. * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code.....

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2024:2028-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2028-1 advisory. - CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233) Tenable has extracted the...

SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2024:1673-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-2 advisory. - Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816) - Use snprintf instead of sprintf (bsc#1188574,....

Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters.....

Fedora 39 : chromium (2024-86e4115138)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-86e4115138 advisory. update to 126.0.6478.55 * High CVE-2024-5830: Type Confusion in V8 * High CVE-2024-5831: Use after free in Dawn * High CVE-2024-5832: Use...

PHP &lt; 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

...