SCALANCE XB213-3 (SC, PN) Security Vulnerabilities

CVE-2023-25136 affecting package openssh 8.9p1-3

CVE-2023-25136 affecting package openssh 8.9p1-3. This CVE either no longer is or was never...

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-45283, CVE-2023-45284)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system, caused by failure related with filepath and safefilepath packages. This bulletin identifies the steps to address the vulnerabilities....

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1865)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1874)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3830-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3831-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5703-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3852-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3825-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5702-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5709-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1860)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3848-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1851)

The remote host is missing an update for the Huawei...

Exploit for Improper Preservation of Permissions in Mobyproject Moby

CVE-2021-41091 This exploit offers an in-depth look at the...

CVE-2024-6415

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...

CVE-2024-6415

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...

CVE-2024-6415 Ingenico Estate Manager New Widget cross site scripting

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...

Fedora 39 : mingw-python-urllib3 (2024-73f181db2a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-73f181db2a advisory. Update to 1.26.19, fixes CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Debian dla-3846 : libmojolicious-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...

Debian dla-3850 : glibc-doc - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3850 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3850-1 [email protected] ...

Fedora 40 : mingw-python-urllib3 (2024-da86a4f061)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-da86a4f061 advisory. Update to 1.26.19, fixes CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

edk2 - security update

Bulletin has no...

Fedora 40 : mingw-poppler (2024-94068499c9)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-94068499c9 advisory. Backport fix for CVE-2024-6239. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

[SECURITY] Fedora 39 Update: kitty-0.31.0-3.fc39

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...

Fedora 39 : freeipa (2024-1d1b485611)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d1b485611 advisory. Fix CVE-2024-2698 and CVE-2024-3183 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora 39 : kitty (2024-c7b79bc227)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c7b79bc227 advisory. rebuild for rhbz#2292712 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Debian dla-3849 : emacs - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3849 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3849-1 [email protected] ...

org-mode - security update

Bulletin has no...

SUSE SLES15 Security Update : frr (SUSE-SU-2024:2245-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2245-1 advisory. - CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900) - CVE-2023-47235: Fixed a crash on.....

Debian dla-3848 : elpa-org - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3848 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3848-1 [email protected] ...

Exploit for CVE-2024-34102

🚨 CVE-2024-34102 Exploit Script 🚨 Description This...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc

Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

Summary Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2020-8562 DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use...

Friday Squid Blogging: New Squid Species

A new squid species--of the Gonatidae family--was discovered. The video shows her holding a brood of very large eggs. Research...

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...

CVE-2024-38428 affecting package wget for versions less than 1.21.2-3

CVE-2024-38428 affecting package wget for versions less than 1.21.2-3. A patched version of the package is...

CVE-2024-3727 affecting package cri-o for versions less than 1.22.3-3

CVE-2024-3727 affecting package cri-o for versions less than 1.22.3-3. A patched version of the package is...

Exploit for Use After Free in Arm Avalon Gpu Kernel Driver

Exploit for CVE-2022-46395 The write up can be found...

Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062

Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064

Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

runc vulnerable to container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

runc vulnerable to container breakout through process.cwd trickery and leaked fds in...

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-30171

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-34447

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025

Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-30172

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772

Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...