EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2024-2160)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Use After Free with SSL_free_buffers (CVE-2024-4741) Issue summary: Some non-default TLS server configurations can cause unbounded memo...
EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2024-2185)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Use After Free with SSL_free_buffers (CVE-2024-4741) Issue summary: Some non-default TLS server configurations can cause unbounded memo...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-2223)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An...
Amazon Linux 2 : openssl (ALAS-2024-2604)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2604 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a cra...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-21803)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21803 advisory. - Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local...
SAP Document Builder security vulnerability
SAP Document Builder is a content-driven cross-application solution from SAP. An authorization issue vulnerability exists in SAP Document Builder that stems from not performing required authorization checks for certain modules. An attacker could exploit the vulnerability to cause unauthorized...
CVE-2024-39473
...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )
Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...
kernel: inet: inet_defrag: prevent sk release while still in use
In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...
CVE-2024-42241 mm/shmem: disable PMD-sized page cache if needed
In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page cache on ARM64 when the base page size is 64KB can't be supported by...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-2076)
The remote host is missing an update for the Huawei EulerOS...
GO-2024-3007 snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd
snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
SUSE CVE-1999-0342
Linux PAM modules allow local users to gain root access using temporary files...
EulerOS 2.0 SP5 : openssl (EulerOS-SA-2024-2072)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
Microweber Cross Site Scripting (XSS) vulnerability
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
GHSA-HF66-XFGJ-42G8 Microweber Cross Site Scripting (XSS) vulnerability
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php...
CVE-2024-41380
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php...
CVE-2024-41381
CVE-2024-41381 affects microweber 2.0.16. The vulnerability is a Cross-Site Scripting (XSS) in the file userfiles/modules/settings/admin.php, arising from insufficient input filtering/escaping. Evidence across multiple sources (NVD/Red Hat/CNVD/Veracode/GHSA/OSV) describes an XSS risk targeting a...
CVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
CVE-2024-41380
Microweber 2.0.16 contains a Cross Site Scripting (XSS) vulnerability in the file path userfiles/modules/tags/add_tagging_tagged.php, caused by insufficient input validation/escaping of user-supplied data. Affected component: add_tagging_tagged.php within the tags module. Impact is described as X...