Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager Security Vulnerabilities

RHEL 8 : libreswan (RHSA-2024:4200)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4200 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

Debian dla-3852 : ovmf - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3852 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3852-1 [email protected] ...

OpenSSH < 9.8 RCE

The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...

GLSA-202407-04 : Pixman: Heap Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202407-04 (Pixman: Heap Buffer Overflow) A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...

GLSA-202407-05 : SSSD: Command Injection

The remote host is affected by the vulnerability described in GLSA-202407-05 (SSSD: Command Injection) A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

OpenSSH: Remote Code Execution

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...

Xhibiter NFT Marketplace 1.10.2 SQL Injection

...

Azon Dominator Affiliate Marketing Script - SQL Injection

...

Ubuntu: Security Advisory (USN-6851-2)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3843-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3825-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5701-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5713-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3835-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3847-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5720-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5716-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DSA-5707-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5703-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3839-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3852-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5705-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5704-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3832-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3844-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3829-1)

The remote host is missing an update for the...

Liferea: Remote Code Execution

Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...

GNU Emacs, Org Mode: Multiple Vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no.....

Debian: Security Advisory (DSA-5706-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5723-1)

The remote host is missing an update for the...

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host...

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is.....

CVE-2024-4557

Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai...

CVE-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. Notes Author| Note ---|--- | Priority reason: Low...

CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. Notes Author| Note ---|--- alexmurray | Only affectes GitLab...

CVE-2024-6307

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

OpenSSH vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages openssh - secure shell (SSH) for secure access to remote machines Details It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access...

Customer Support System 1.0 - Stored XSS

...

Microweber 2.0.15 - Stored XSS

...

Debian dla-3851 : gunicorn - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] ...

Debian dla-3853 : tryton-server - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3853 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 [email protected] ...

Fedora 40 : libreswan (2024-05a6ab143e)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05a6ab143e advisory. Update to 4.15 for CVE-2024-3652 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...