RHEL 9 : firefox (RHSA-2024:1483)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1483 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CentOS 7 : firefox (RHSA-2024:1486)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...
RHEL 8 : thunderbird (RHSA-2024:1499)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1499 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...
Debian dla-3769 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3769 advisory. Debian LTS Advisory DLA-3769-1...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:0971-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0971-1 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attack...
CVE-2024-2773
A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2024-27933
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...
CVE-2024-1811
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited...
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
The curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially enabled spoofing attacks or unauthorized access due to an unverified server certificate. The issue affected curl with mbedTLS from...
EulerOS 2.0 SP10 : mozjs60 (EulerOS-SA-2024-1341)
According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable cras...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)
The remote host is missing an update for the Huawei EulerOS...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories...
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories...
Debian dla-3757 : libnss3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. Debian LTS Advisory DLA-3757-1...
SWFTools Denial of Service Vulnerability (CNVD-2024-37468)
SWFTools is a set of utilities for working with Adobe Flash files (SWF files). A denial of service vulnerability exists in SWFTools version v0.9.2, which stems from an overlapping strcpy parameter in component /home/swftools/src/swfc+0x448318a. An attacker can exploit this vulnerability to cause a...
K000138851: OpenJDK vulnerabilities CVE-2024-20921, CVE-2024-20926, and CVE-2024-20932
Security Advisory Description CVE-2024-20921 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
GHSA-5J5R-6MV9-M255 Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views...
*const c_void / ExternalPointer unsoundness leading to use-after-free
Summary: Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Details: `*const c_void` and `ExternalPointer` (defined via `external!` macros) types are used to represent `v8::External` wrapping arbitrary void...
GHSA-3J27-563V-28WF *const c_void / ExternalPointer unsoundness leading to use-after-free
Summary: Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Details: `*const c_void` and `ExternalPointer` (defined via `external!` macros) types are used to represent `v8::External` wrapping arbitrary void...