Scalance X307-2 Eec (24v, Coated) Security Vulnerabilities

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

...

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

...

Amazon Linux AMI : tomcat8 (ALAS-2024-1941)

The version of tomcat8 installed on the remote host is prior to 8.5.99-1.97. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1941 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to...

Amazon Linux 2 : unbound (ALASUNBOUND-2024-002)

The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group...

Amazon Linux 2 : iperf3 (ALAS-2024-2579)

The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2579 advisory. It is possible for a malicious or malfunctioning client to send lessthan the expected amount of data to the server. If this...

RHEL 9 : pki-core (RHSA-2024:4051)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-060)

The version of kernel installed on the remote host is prior to 5.10.217-205.860. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-060 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN)...

Moderate Photon OS Security Update - PHSA-2024-4.0-0638

Updates of ['nginx', 'libssh2'] packages of Photon OS have been...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-061)

The version of kernel installed on the remote host is prior to 5.10.201-191.748. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-061 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related...

Edu-Sharing Arbitrary File Upload

...

RHEL 9 : libreswan (RHSA-2024:4050)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-062)

The version of kernel installed on the remote host is prior to 5.10.218-206.860. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-062 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect...

RHEL 9 : dnsmasq (RHSA-2024:4052)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4052 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. ...

Amazon Linux 2 : edk2 (ALAS-2024-2578)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2578 advisory. EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to...

Amazon Linux 2 : dnsmasq (ALAS-2024-2580)

The version of dnsmasq installed on the remote host is prior to 2.76-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2580 advisory. dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. (CVE-2023-49441) Tenable has extracted the preceding description...

Amazon Linux 2 : ruby (ALASRUBY3.0-2024-008)

The version of ruby installed on the remote host is prior to 3.0.6-156. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY3.0-2024-008 advisory. ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) Tenable has extracted the preceding description block...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before...

CVE-2024-6268

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...

CVE-2024-6268

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...

CVE-2024-6268 lahirudanushka School Management System Login Page login.php sql injection

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...

CVE-2024-6268 lahirudanushka School Management System Login Page login.php sql injection

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The...

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before...

Fedora 40 : tomcat (2024-c404b99f19)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c404b99f19 advisory. This update includes a rebase from 9.0.83 to 9.0.89. * #2269611 CVE-2024-24549 tomcat:...

XMGoat - Composed of XM Cyber terraform templates that help you learn about common Azure security issues

XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments. Here's what to do for each environment: Run...

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

[SECURITY] Fedora 39 Update: webkitgtk-2.44.2-2.fc39

WebKitGTK is the port of the WebKit web rendering engine to the GTK...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...

SUSE SLES15 Security Update : kernel (Live Patch 47 for SLE 15 SP2) (SUSE-SU-2024:2121-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2121-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_188 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...

SUSE SLES12 Security Update : kernel (Live Patch 56 for SLE 12 SP5) (SUSE-SU-2024:2147-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2147-1 advisory. This update for the Linux Kernel 4.12.14-122_216 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed an...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP2) (SUSE-SU-2024:2123-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2123-1 advisory. This update for the Linux Kernel 4.12.14-122_179 fixes several issues. The following security issues were fixed: - CVE-2021-46955:...

SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP2) (SUSE-SU-2024:2115-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2115-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_172 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...

FreeBSD : traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability (82830965-3073-11ef-a17d-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82830965-3073-11ef-a17d-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Azure Identity Libraries...

SUSE SLES15 Security Update : kernel (Live Patch 44 for SLE 15 SP3) (SUSE-SU-2024:2149-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2149-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_191 fixes one issue. The following security issue was fixed: - CVE-2023-1829: Fixed a use-after-free...

SUSE SLES15 Security Update : vte (SUSE-SU-2024:2152-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2152-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape....

SUSE SLES15 Security Update : kernel (Live Patch 46 for SLE 15 SP2) (SUSE-SU-2024:2120-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2120-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_183 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...

SUSE SLES15 Security Update : kernel (Live Patch 38 for SLE 15 SP2) (SUSE-SU-2024:2109-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2109-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_157 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...