
7379 matches found

OSV
added 2024/11/09 11:15 a.m., 1 views

DEBIAN-CVE-2024-50226

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report 1, cxltest was updated to register mock memory-devices after the mock root-port/bus device had been...

CVSS 7.8 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 1
Tenable Nessus
added 2024/11/09 12:0 a.m., 8 views

CBL Mariner 2.0 Security Update: mysql (CVE-2024-2410)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2410 advisory. - The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON...

CVSS 9.8 | AI score 7.3 | EPSS 0.0005
Exploits: 0 | References: 2
NVD
added 2024/11/08 6:15 a.m., 10 views

CVE-2024-50175

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove usecount guard in stopstreaming The usecount check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the...

CVSS 5.5 | EPSS 0.00019
Exploits: 0 | References: 4
Tenable Nessus
added 2024/11/08 12:0 a.m., 13 views

FreeBSD : electron32 -- multiple vulnerabilities (96266fc9-1200-43b5-8393-4c51f54bb7bc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 96266fc9-1200-43b5-8393-4c51f54bb7bc advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...

CVSS 8.8 | AI score 7.8 | EPSS 0.00298
Exploits: 0 | References: 9
Tenable Nessus
added 2024/11/08 12:0 a.m., 16 views

EulerOS 2.0 SP9 : gtk3 (EulerOS-SA-2024-2831)

According to the versions of the gtk3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current...

CVSS 7 | AI score 6.8 | EPSS 0.00051
Exploits: 0 | References: 2
NVD
added 2024/11/07 10:15 a.m., 5 views

CVE-2024-50146

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5enetdevchangeprofile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile-cleanup...

CVSS 5.5 | EPSS 0.0001
Exploits: 0 | References: 5
The Hacker News
added 2024/11/07 9:8 a.m., 20 views

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul URWB Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 CVS score: 10.0, the vulnerability...

CVSS 10 | AI score 7.9 | EPSS 0.03481
Exploits: 0
CNVD
added 2024/11/07 12:0 a.m., 1 views

Online Shopping Portal dymanic_table.php File Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...

CVSS 6.1 | AI score 6.3 | EPSS 0.0018
Exploits: 1 | References: 1
CNVD
added 2024/11/07 12:0 a.m., 1 views

Online Shopping Portal html_table.php File Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...

CVSS 6.1 | AI score 6.2 | EPSS 0.00236
Exploits: 1 | References: 1
BDU FSTEC
added 2024/11/06 12:0 a.m., 1 views

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code.

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome is related to insufficient testing of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML page from a remote location...

CVSS 10 | AI score 6 | EPSS 0.01745
Exploits: 0 | References: 7 | Affected Software: 4
Tenable Nessus
added 2024/11/06 12:0 a.m., 12 views

Fedora 40 : thunderbird (2024-d1ba38d9a6)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d1ba38d9a6 advisory. Update to 128.4.0 https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/...

CVSS 9.8 | AI score 7.3 | EPSS 0.00944
Exploits: 0 | References: 11
Qualys Blog
added 2024/11/05 7:59 p.m., 6 views

Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)

In the ever-evolving cybersecurity landscape, securing web applications and APIs is no longer an option—it’s a necessity. As organizations face increasingly complex threats, ensuring the integrity of these digital assets has become paramount. However, it’s easy to feel overwhelmed by the sheer...

AI score 7.4
Exploits: 0
NVD
added 2024/11/05 6:15 p.m., 10 views

CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

CVSS 5.5 | EPSS 0.00008
Exploits: 0 | References: 6
OSV
added 2024/11/05 6:15 p.m., 0 views

UBUNTU-CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

CVSS 5.5 | AI score 6.1 | EPSS 0.00008
Exploits: 0 | References: 34
OSSF Malicious Packages
added 2024/11/05 3:1 p.m., 2 views

Malicious code in @isfe-common/testing-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b0513243009fb3882d731746421fa3effe8a4a86c8cef4d5d6053c63059a4b0e The OpenSSF Package Analysis project identified '@isfe-common/testing-utils' @ 9.5.9 npm as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits: 0
OSV
added 2024/11/05 2:53 p.m., 3 views

MAL-2024-10380 Malicious code in @isfe-common/testing-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4203c75b7ee03f443c2944645689ffff3aefae76e13ac2f7be00545b63c27664 The OpenSSF Package Analysis project identified '@isfe-common/testing-constants' @ 9.2.9 npm as malicious. It is considered malicious because: -...

AI score 7.1
Exploits: 0
Pen Test Partners Blog
added 2024/11/05 6:14 a.m., 8 views

What goes into testing a ship?

TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...

AI score 8
Exploits: 0
Tenable Nessus
added 2024/11/02 12:0 a.m., 13 views

FreeBSD : chromium -- multiple security fixes (e17384ef-c5e8-4b5d-bb62-c13405e7f1f7)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e17384ef-c5e8-4b5d-bb62-c13405e7f1f7 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...

CVSS 8.8 | AI score 7.9 | EPSS 0.00381
Exploits: 0 | References: 4
CVE
added 2024/11/01 9:21 p.m., 51 views

CVE-2024-9191

The CVE concerns Okta Verify on Windows where the Device Access feature exposes the OktaDeviceAccessPipe, enabling a compromised device user to retrieve passwords for Desktop MFA passwordless logins. Affected component: Okta Verify agent for Windows with Okta Device Access passwordless feature en...

CVSS 7.8 | AI score 6.9 | EPSS 0.00237
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/11/01 9:21 p.m., 11 views

CVE-2024-9191

The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine...

CVSS 7.1 | AI score 6.9 | EPSS 0.00237
Exploits: 0 | References: 2