6340 matches found
CVE-2024-8097 Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows sensitive credentials to be written in plain text to the server log. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 befo...
CVE-2024-8097
CVE-2024-8097 affects Payara Server (Logging modules): credentials posted in plain text may be exposed in server logs. Affected versions include 4.1.2.191.0–4.1.2.191.50, 5.20.0–5.67.0, 5.2020.2–5.2022.5, 6.0.0–6.18.0, and 6.2022.1–6.2024.9. Upgrade to fixed releases (e.g., 4.1.2.191.50+, 5.67.0+...
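As an added example (not Payara's code and not part of the advisory), the following Python check tests whether a given Payara Server version falls inside the affected ranges listed above. Each range is treated as [introduced, fixed), which is what the "from X before Y" wording in the advisory means for the 6.x ranges; reading the dash ranges given for 4.x and 5.x the same way is an assumption.

```python
"""Affected-version check for CVE-2024-8097 (Payara Server).

Added example, not Payara's or the advisory's own code. The ranges are copied
from the advisory summary above and interpreted as [introduced, fixed).
"""
from typing import Optional, Tuple

# (introduced, fixed) pairs from the advisory summary. For the 4.x and 5.x
# entries the summary gives "A-B"; treating B as the first fixed release is an
# assumption made here so that all ranges share the same semantics.
AFFECTED_RANGES = [
    ("4.1.2.191.0", "4.1.2.191.50"),
    ("5.20.0", "5.67.0"),
    ("5.2020.2", "5.2022.5"),
    ("6.0.0", "6.18.0"),
    ("6.2022.1", "6.2024.9"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '6.2024.9' into (6, 2024, 9); reject anything non-numeric."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def _padded(v: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    # Zero-pad so that 6.18 and 6.18.0 compare as equal rather than by length.
    return v + (0,) * (width - len(v))


def version_lt(a: str, b: str) -> bool:
    """Component-wise numeric comparison (so 6.18.0 < 6.2024.9, unlike a string sort)."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return _padded(pa, width) < _padded(pb, width)


def matching_range(version: str) -> Optional[Tuple[str, str]]:
    """Return the (introduced, fixed) range that contains `version`, or None."""
    for introduced, fixed in AFFECTED_RANGES:
        if not version_lt(version, introduced) and version_lt(version, fixed):
            return (introduced, fixed)
    return None


def is_affected(version: str) -> bool:
    return matching_range(version) is not None


if __name__ == "__main__":
    for sample in ("6.17.0", "6.18.0", "6.2024.8", "6.2024.9", "4.1.2.191.12"):
        print(sample, "affected" if is_affected(sample) else "not affected")
```

The check tests membership in each interval independently and never orders a 6.N.0 release against a 6.YYYY.N one, since those two numbering schemes share a major number but are not comparable with each other.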
MAL-2024-8836 Malicious code in @warnermediacode/wme-gep-modules-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a4a72f149d9eb6781982bac5c0c9283126ceab07ead60b9298ffb1c9f889ca8a The OpenSSF Package Analysis project identified '@warnermediacode/wme-gep-modules-bundle' @ 99.50.55 npm as malicious. It is considered maliciou...
DEBIAN-CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
UBUNTU-CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
CVE-2024-2166
CVE-2024-2166 affects Forcepoint Email Security (Real Time Monitor modules). Root cause: improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) vulnerability. Affected product version: Email Security prior to 8.5.5 HF003. CVSS details from N...
ZZCMS cross-site scripting vulnerability
ZZCMS is a content management system (CMS) by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v2023 and prior versions, which stems from a phpinfo function that discloses detailed information about the PHP environment, including server configuration, loaded modules, a...
CVE-2024-6119
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of...
CVE-2024-6119 Possible denial of service in X.509 name checks
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of...
CVE-2024-6119
OpenSSL CVE-2024-6119 causes a denial of service when applications perform certificate name checks (e.g., TLS server name validation). The issue stems from reading an invalid memory address during name comparison (e.g., otherName in X.509) and may terminate the process. Multiple connected advisor...
Vulnerability in OpenSSL - Possible denial of service in X.509 name checks
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial o...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-2334)
The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.12.0 : openssl (EulerOS-SA-2024-2334)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impac...
EulerOS Virtualization 2.12.1 : openssl (EulerOS-SA-2024-2314)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impac...
SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
GO-2024-3085 GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
SUSE-SU-2024:3048-1 Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues. The following security issues were fixed: - CVE-2021-47402: Fixed use-after-free in fl_walk (bsc#1225301). - CVE-2021-47378: Fixed use-after-free by destroying cm id before destroying qp (bsc#1225202). - CVE-2024-27398: Fixed...
Rockwell Automation 5015 - AENFTXT
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015 - AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service...