
58847 matches found

Tenable Nessus
added 2024/09/08 12:0 a.m. | 48 views

NewStart CGSL MAIN 6.06 : openssh Vulnerability (NS-SA-2024-1004)

The remote NewStart CGSL host, running version MAIN 6.06, has openssh packages installed that are affected by a vulnerability: - openssh: A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe...

CVSS 9.3 | AI score 7.2 | EPSS 0.99506
Exploits: 68 | References: 3

Tenable Nessus
added 2024/09/07 12:0 a.m. | 20 views

SUSE SLES15: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2024:3160-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3160-1 advisory. - Upgrade to 14.13 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. bsc122901...

CVSS 8.8 | AI score 7.4 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/07 12:0 a.m. | 12 views

SUSE SLES15: postgresql12 / postgresql12-contrib / postgresql12-devel / etc (SUSE-SU-2024:3153-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3153-1 advisory. - Upgrade to 12.20 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. bsc122901...

CVSS 8.8 | AI score 7.4 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/07 12:0 a.m. | 21 views

SUSE SLES15: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2024:3158-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3158-1 advisory. - Upgrade to 15.8 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. bsc1229013...

CVSS 8.8 | AI score 7.4 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/07 12:0 a.m. | 15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2024:3163-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3163-1 advisory. - CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location...

CVSS 6.9 | AI score 6.7 | EPSS 0.00291
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/07 12:0 a.m. | 37 views

FreeBSD : forgejo -- multiple vulnerabilities (a5e13973-6c75-11ef-858b-23eeba13701a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a5e13973-6c75-11ef-858b-23eeba13701a advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, y...

CVSS 6.4 | AI score 6.6 | EPSS 0.00897
Exploits: 1 | References: 3

Tenable Nessus
added 2024/09/07 12:0 a.m. | 22 views

SUSE SLED15: libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql16 / etc (SUSE-SU-2024:3159-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3159-1 advisory. - Upgrade to 16.4 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pg_dump...

CVSS 8.8 | AI score 6.9 | EPSS 0.01565
Exploits: 0 | References: 8

GithubExploit
added 2024/09/06 6:17 p.m. | 799 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

😈 SPIP BigUp Unauthenticated RCE Exploit 😈 📜 Description...

CVSS 9.8 | AI score 10 | EPSS 0.94618
Exploits: 7

Tenable Nessus
added 2024/09/06 12:0 a.m. | 10 views

Flowise < 2.0.6 Authentication Bypass

Flowise versions prior to 2.0.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API. No source data...

CVSS 9.8 | AI score 7.8 | EPSS 0.46109
Exploits: 0 | References: 3

Tenable Nessus
added 2024/09/06 12:0 a.m. | 286 views

Nginx 1.27.0 Buffer Over-read

According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...

CVSS 5.7 | AI score 5.3 | EPSS 0.0032
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 26 views

Nginx 1.5.13 < 1.26.2 Buffer Over-read

According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...

CVSS 5.7 | AI score 5.3 | EPSS 0.0032
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 30 views

F5 Networks BIG-IP : libarchive vulnerability (K000140963)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140963 advisory. An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access contro...

CVSS 7.8 | AI score 6.7 | EPSS 0.00366
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 29 views

Jupyterlab Python Library < 3.6.8 / 4.0 < 4.2.5 (CVE-2024-43805)

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

CVSS 7.6 | AI score 5.7 | EPSS 0.00373
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 17 views

Cisco Identity Services Engine Command Injection (cisco-sa-ise-injection-6kn9tSxm)

According to its self-reported version, Cisco Identity Services Engine Command Injection is affected by a vulnerability. - A vulnerability in specific CLI commands in Cisco Identity Services Engine ISE could allow an authenticated, local attacker to perform command injection attacks on the...

CVSS 6.7 | AI score 6.2 | EPSS 0.00468
Exploits: 0 | References: 3

Tenable Nessus
added 2024/09/06 12:0 a.m. | 59 views

Jupyter Notebook Python Library 7.0.0 < 7.2.2 (CVE-2024-43805)

Jupyter Notebook is an extensible environment for interactive and reproducible computing. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked...

CVSS 7.6 | AI score 5.7 | EPSS 0.00373
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 30 views

ABB Freelance AC 900F and AC 700F Numeric Range Comparison Without Minimum Check (CVE-2023-0425)

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVSS 8.6 | AI score 7.4 | EPSS 0.004
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 38 views

IBM MQ 9.1 < 9.1.0.23 LTS / 9.2 < 9.2.0.27 LTS / 9.3 < 9.3.0.21 LTS / 9.3 < 9.4 CD / 9.4 < 9.4.0.5 LTS (7167208)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7167208 advisory. - IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVE-2024-40681 No...

CVSS 8.8 | AI score 5.7 | EPSS 0.00484
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 23 views

Mozilla Thunderbird < 128.2

The version of Thunderbird installed on the remote Windows host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-43 advisory. - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed...

CVSS 9.8 | AI score 8.2 | EPSS 0.04395
Exploits: 1 | References: 8

Wordfence Blog
added 2024/09/05 2:31 p.m. | 64 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...

CVSS 10 | AI score 9.5 | EPSS 0.43585
Exploits: 8

Tenable Nessus
added 2024/09/05 12:0 a.m. | 4 views

Kingsoft WPS Office Installed (Windows)

Binary data kingsoftwpsofficewininstalled.nbin...

AI score 7.3
Exploits: 0 | References: 1