Easergy T200 ((modbus) Sc2-04mod-07000100 And Earlier), Easergy T200 ((iec104) Sc2-04iec-07000100 And Earlier), And Easergy T200 ((dnp3) Sc2-04dnp-07000102 And Earlier) Security Vulnerabilities

CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

CVE-2024-1816

An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI...

CVE-2024-39465

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc...

CVE-2024-39371

In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to...

CVE-2024-3959

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any...

OpenSSH: Remote Code Execution

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...

Welotec Industrial Routers Improper Access Control (CVE-2023-1083)

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

NumPy Detection

A NumPy Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version...

GLSA-202407-08 : GNU Emacs, Org Mode: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202407-08 (GNU Emacs, Org Mode: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...

RHEL 8 : libreswan (RHSA-2024:4200)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4200 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

Debian dla-3852 : ovmf - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3852 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3852-1 [email protected] ...

OpenSSH < 9.8 RCE

The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...

GLSA-202407-04 : Pixman: Heap Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202407-04 (Pixman: Heap Buffer Overflow) A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...

GLSA-202407-05 : SSSD: Command Injection

The remote host is affected by the vulnerability described in GLSA-202407-05 (SSSD: Command Injection) A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0706)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0706 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and...

Oracle Linux 9 : openssh (ELSA-2024-12468)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12468 advisory. [8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387 Tenable has...

Xhibiter NFT Marketplace 1.10.2 SQL Injection

...

Azon Dominator Affiliate Marketing Script - SQL Injection

...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)

The remote host is missing an update for the Huawei...

Ubuntu: Security Advisory (USN-6851-2)

The remote host is missing an update for...

Debian: Security Advisory (DSA-5723-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5707-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5703-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3839-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3852-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5704-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3832-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3844-1)

The remote host is missing an update for the...

Liferea: Remote Code Execution

Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...

Debian: Security Advisory (DSA-5705-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5706-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3843-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3825-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5701-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5716-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5713-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3835-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3847-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DSA-5720-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3829-1)

The remote host is missing an update for the...

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

CVE-2024-4557

Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai...

CVE-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. Notes Author| Note ---|--- | Priority reason: Low...

CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. Notes Author| Note ---|--- alexmurray | Only affectes GitLab...

CVE-2024-6307

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...