Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS) Security Vulnerabilities

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1852)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : CUPS regression (USN-6844-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression...

EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-1856)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of...

EulerOS 2.0 SP12 : expat (EulerOS-SA-2024-1854)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) Tenable has extracted the...

Ubuntu: Security Advisory (USN-5615-3)

The remote host is missing an update for...

Fedora 40 : emacs (2024-a3fecfab32)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a3fecfab32 advisory. Update to Emacs 29.4, fixing CVE-2024-39331. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

A Bootiful Podcast: Spring Security community legend Laur Spilca

Hi, Spring fans! In this installment I talk to Spring Security community legend Laur Spilca, live from the Spring I/O show in beautiful...

Ubuntu: Security Advisory (USN-6857-1)

The remote host is missing an update for...

K000140188: PostgreSQL vulnerability CVE-2024-0985

Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...

Autodesk Multiple Vulnerabilities (AutoCAD) (adsk-sa-2024-0010)

The version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2024.1.5. It is, therefore, affected by multiple vulnerabilities: A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious...

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1862)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications...

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1866)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-1863)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a...

EulerOS 2.0 SP12 : iSulad (EulerOS-SA-2024-1858)

According to the versions of the iSulad package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use...

EulerOS 2.0 SP12 : expat (EulerOS-SA-2024-1868)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) Tenable has extracted the...

Fedora 40 : kernel (2024-aca908f73b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-aca908f73b advisory. The 6.9.6 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly from the...

K000140189: Linux kernel vulnerability CVE-2021-47572

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....

Ubuntu: Security Advisory (USN-6852-2)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0241)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0243)

The remote host is missing an update for...

EulerOS 2.0 SP12 : less (EulerOS-SA-2024-1874)

According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624) Tenable has extracted the preceding description.....

EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1864)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1876)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications...

EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-1877)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a...

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1855)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

EulerOS 2.0 SP12 : dnsmasq (EulerOS-SA-2024-1851)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial...

EulerOS 2.0 SP12 : dnsmasq (EulerOS-SA-2024-1865)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial...

dcmtk - security update

Bulletin has no...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1873)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...

Debian dla-3847 : dcmtk - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3847 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3847-1 [email protected] ...

evansjones.co.uk Cross Site Scripting vulnerability OBB-3939330

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bluegrovehomes.co.uk Cross Site Scripting vulnerability OBB-3939329

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

3d.walktheweb.com Cross Site Scripting vulnerability OBB-3939328

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

cotswoldwindows.co.uk Cross Site Scripting vulnerability OBB-3939327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

tececo.com Cross Site Scripting vulnerability OBB-3939326

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2016-20022

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...

sirsepaca.org Cross Site Scripting vulnerability OBB-3939325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

boosterblog.com Cross Site Scripting vulnerability OBB-3939324

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Cognos Analytics. IBM Cognos Analytics has addressed these vulnerabilities by upgrading IBM® Java™ and IBM WebSphere Application Server Liberty. There are vulnerabilities in...

Security Bulletin: IBM Cognos Analytics has addressed security vulnerabilities in JupyterHub, R Programming Language and Apache MINA (CVE-2024-28233, CVE-2024-27322, CVE-2019-0231, CVE-2021-41973)

Summary IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability (XSS) in JupyterHub and remote code execution (RCE) vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service (DOS) vulnerability and an...

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host...

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and...

Exploit for CVE-2024-34102

CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication...

h2o vulnerable to unexpected POST request shutting down server

In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of...

h2o vulnerable to unexpected POST request shutting down server

In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of...

ener04.com Cross Site Scripting vulnerability OBB-3939323

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-34122

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to...

CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to...