4651 matches found

OSV · added 2024/05/17 11:08 a.m. · 3 views

OESA-2024-1590 sane-backends security update

SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras. Security Fixes: An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the...

CVSS 7.3 · AI score 7.6 · EPSS 0.00057
Exploits 2 · References 3
Tenable Nessus · added 2024/05/17 12:00 a.m. · 12 views

EulerOS Virtualization 3.0.6.0 : python-configobj (EulerOS-SA-2024-1699)

According to the versions of the python-configobj packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate...

CVSS 5.9 · AI score 5.4 · EPSS 0.0009
Exploits 1 · References 2
Tenable Nessus · added 2024/05/17 12:00 a.m. · 15 views

EulerOS Virtualization 3.0.6.6 : python-configobj (EulerOS-SA-2024-1664)

According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate...

CVSS 5.9 · AI score 5.4 · EPSS 0.0009
Exploits 1 · References 2
NVD · added 2024/05/16 4:15 p.m. · 23 views

CVE-2023-48643

Shrubbery tacplus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...

CVSS 9.8 · AI score 9.7 · EPSS 0.07266
Exploits 0 · References 1
Cvelist · added 2024/05/16 4:14 p.m. · 41 views

CVE-2023-48643

Shrubbery tacplus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...

AI score 9.8 · EPSS 0.07266
Exploits 0 · References 1
Positive Technologies · added 2024/05/16 12:00 a.m. · 3 views

PT-2024-13615 · Shrubbery · Tac Plus

Name of the Vulnerable Software and Affected Versions: Shrubbery tac plus versions 2.x through 4.x and versions up to F4.0.4.28 Description: The issue allows unauthenticated Remote Command Execution. It is caused by the product's ability to configure authorization checks as shell commands through...

CVSS 9.8 · AI score 8 · EPSS 0.07266
Exploits 0 · References 8
Positive Technologies · added 2024/05/14 12:00 a.m. · 2 views

PT-2024-10931 · Unknown · Nats Server

Name of the Vulnerable Software and Affected Versions: nats-server versions prior to 2.2.3 Description: The issue concerns cryptographic problems in the nats-server, where the use of CLI flags to set TLS parameters overrides the default restricted ciphersuite settings, potentially allowing client...

AI score 7 · EPSS 0.00348
Exploits 0 · References 8
OSV · added 2024/05/03 2:15 a.m. · 3 views

CVE-2023-32173

Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...

CVSS 5.8 · AI score 5.8
Exploits 0 · References 2
Positive Technologies · added 2024/05/03 12:00 a.m. · 2 views

PT-2024-4479 · Westermo · Westermo Edw-100

Name of the Vulnerable Software and Affected Versions: Westermo EDW-100 devices through 2024-05-03 Description: The issue is related to the storage of a password in cleartext in a configuration file. An unauthenticated user can download this configuration file, potentially revealing the username...

CVSS 9.8 · AI score 7.4 · EPSS 0.0017
Exploits 0 · References 13
OSV · added 2024/05/02 3:30 p.m. · 38 views

GHSA-94PR-W968-H923 Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

CVSS 3.3 · AI score 4.8 · EPSS 0.00099
Exploits 0 · References 4
NVD · added 2024/05/02 2:15 p.m. · 16 views

CVE-2024-34147

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 4.3 · AI score 6.4 · EPSS 0.00099
Exploits 0 · References 2
Cvelist · added 2024/05/02 1:28 p.m. · 21 views

CVE-2024-34147

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

AI score 6.6 · EPSS 0.00099
Exploits 0 · References 2
Vulnrichment · added 2024/05/01 3:45 p.m. · 18 views

CVE-2024-28893

Certain HP software packages SoftPaqs are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages SoftPaqs...

AI score 7.8 · EPSS 0.00351
Exploits 0 · References 1
CVE · added 2024/05/01 3:45 p.m. · 74 views

CVE-2024-28893

CVE-2024-28893 affects HP SoftPaqs. The issue enables potential arbitrary code execution when a SoftPaq configuration file is modified after extraction, as described by HP’s advisory. The underlying impact is high with local attack vector, requiring user interaction and elevated privileges, and c...

CVSS 7.7 · AI score 7.6 · EPSS 0.00351
Exploits 0 · References 1 · Affected Software 1
NVD · added 2024/05/01 7:15 a.m. · 14 views

CVE-2024-23336

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list $config['disallowed_remote_addresses']...

CVSS 5 · AI score 5.3 · EPSS 0.00145
Exploits 0 · References 4
Vulnrichment · added 2024/05/01 6:27 a.m. · 15 views

CVE-2024-23336 Incomplete disallowed remote addresses list in MyBB

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list $config['disallowed_remote_addresses']...

CVSS 5 · AI score 7.1 · EPSS 0.00145
Exploits 0 · References 4
Cvelist · added 2024/04/25 5:46 p.m. · 13 views

CVE-2024-3623 Mirror-registry: default database secret key stored in plain-text on initial configuration file

A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. Th...

CVSS 6.5 · AI score 7.9 · EPSS 0.0012
Exploits 0 · References 2
Hewlett-Packard · added 2024/04/25 12:00 a.m. · 30 views

HP Software Packages (SoftPaqs) – Potential Escalation of Privilege

Certain HP software packages SoftPaqs are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages SoftPaqs. HP has provided updated software packages SoftPaqs available from our website...

CVSS 7.7 · AI score 8 · EPSS 0.00351
Exploits 0
Tenable Nessus · added 2024/04/23 12:00 a.m. · 23 views

CBL Mariner 2.0 Security Update: cups (CVE-2023-32324)

The version of cups installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32324 advisory. - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow...

CVSS 7.5 · AI score 6.8 · EPSS 0.00148
Exploits 1 · References 2
RedHat Linux · added 2024/04/18 2:08 a.m. · 48 views

Moderate: Red Hat Security Advisory: rhc-worker-script security and enhancement update

An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 7.5 · AI score 6.7 · EPSS 0.00393
Exploits 0 · References 3