Scalance X307-2 Eec (2x 24v, Coated) Security Vulnerabilities

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849

Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2024-22262

Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:....

Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135

Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION:...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-29857

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause excessive CPU consumption on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details.....

Security Bulletin: Vulnerability in sqlparse affects IBM Process Mining CVE-2024-4340

Summary There is a vulnerability in sqlparse that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4340 .....

Security Bulletin: Vulnerability in Pallets Werkzeug affects IBM Process Mining CVE-2024-34069

Summary There is a vulnerability in Pallets Werkzeug that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-34069 ...

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...

Exploit for CVE-2024-34102

🇮🇱 **#BringThemHome...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...

CVE-2024-37282

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated...

CVE-2024-37282

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated...

CVE-2024-37282

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated...

Security Bulletin: Denial of service and password enumeration might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details ** CVEID: CVE-2023-45288 ...

Name confusion in x509 Subject Alternative Name fields

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host...

Name confusion in x509 Subject Alternative Name fields

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host...

AlmaLinux 9 : pki-core (ALSA-2024:4165)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4165 advisory. * dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) Tenable has extracted the preceding description block directly from the AlmaLinux security...

EulerOS 2.0 SP12 : iSulad (EulerOS-SA-2024-1872)

According to the versions of the iSulad package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1867)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless...

EulerOS 2.0 SP12 : less (EulerOS-SA-2024-1860)

According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624) Tenable has extracted the preceding description.....

EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1850)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1859)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2024-1861)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1869)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1853)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless...

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2024-1875)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...

Oracle Linux 9 : pki-core (ELSA-2024-4165)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4165 advisory. [11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass.....

Intel Chipset Device Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

EulerOS 2.0 SP12 : grub2 (EulerOS-SA-2024-1871)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a temporary file...

Ivanti Endpoint Manager Mobile < 11.11.0.0 Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, versions before 11.11.0.0 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted functionality or resources of the application without proper...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : CUPS regression (USN-6844-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...

EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-1856)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of...

EulerOS 2.0 SP12 : expat (EulerOS-SA-2024-1854)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) Tenable has extracted the...

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1852)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

EulerOS 2.0 SP12 : grub2 (EulerOS-SA-2024-1857)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a temporary file...

VMware ESXi 7.0 / 8.0 Authenticaton Bypass (CVE-2024-37085)

The version of VMware ESXi installed on the remote host is prior to 8.0 Update 3. It is, therefore, affected by an authentication bypass vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...

EulerOS 2.0 SP12 : iSulad (EulerOS-SA-2024-1858)

According to the versions of the iSulad package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use...

EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-1863)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a...

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1866)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

EulerOS 2.0 SP12 : expat (EulerOS-SA-2024-1868)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) Tenable has extracted the...

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1862)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications...

Ubuntu: Security Advisory (USN-6852-2)

The remote host is missing an update for...

EulerOS 2.0 SP12 : less (EulerOS-SA-2024-1874)

According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624) Tenable has extracted the preceding description.....

EulerOS 2.0 SP12 : dnsmasq (EulerOS-SA-2024-1865)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial...

EulerOS 2.0 SP12 : dnsmasq (EulerOS-SA-2024-1851)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial...

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1855)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-1877)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a...

EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1864)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...