Lucene search
2127 matches found

OSV · added 2024/11/06 8:15 p.m. · 1 view

UBUNTU-CVE-2024-51755

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

CVSS 2.2 · AI score 5.8 · EPSS 0.00414 · Exploits 0 · References 4
Snyk · added 2024/11/06 12:41 p.m. · 1 view

Improper Authorization

Overview: symfony/security-bundle is a security bundle for Symfony. Affected versions of this package are vulnerable to Improper Authorization in the createFirewall function in SecurityExtension.php, which does not apply the user checker during programmatic login. Remediation: Upgrade...

CVSS 5.4 · AI score 6.9 · EPSS 0.00318 · Exploits 0 · References 2
Tenable Nessus · added 2024/11/04 12:00 a.m. · 8 views

RHEL 7 : Red Hat Enterprise Linux OpenStack Platform Installer update (Important) (RHSA-2015:0791)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0791 advisory. Red Hat Enterprise OpenStack Platform Installer is a deployment management tool. It provides a web user interface for managing the installation and...

CVSS 10 · AI score 5.7 · EPSS 0.05216 · Exploits 0 · References 27
Tenable Nessus · added 2024/11/04 12:00 a.m. · 13 views

RHEL 6 : openstack-packstack and openstack-puppet-modules update (Important) (RHSA-2015:0832)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0832 advisory. PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either...

CVSS 10 · AI score 5.7 · EPSS 0.05216 · Exploits 0 · References 6
Tenable Nessus · added 2024/11/04 12:00 a.m. · 12 views

RHEL 6 : openstack-swift (RHSA-2013:1197)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1197 advisory. OpenStack Swift (http://swift.openstack.org) is a highly available, distributed, eventually consistent object/blob store. A denial of service flaw in...

CVSS 4 · AI score 5.6 · EPSS 0.01661 · Exploits 1 · References 5
Tenable Nessus · added 2024/11/04 12:00 a.m. · 8 views

RHEL 6 : openstack-swift (RHSA-2014:0367)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0367 advisory. OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The...

CVSS 4.3 · AI score 5.7 · EPSS 0.01895 · Exploits 0 · References 5
Tenable Nessus · added 2024/11/04 12:00 a.m. · 18 views

RHEL 7 : python-django (RHSA-2016:0129)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0129 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...

CVSS 5 · AI score 7.2 · EPSS 0.04284 · Exploits 0 · References 5
Tenable Nessus · added 2024/11/04 12:00 a.m. · 14 views

RHEL 7 : qemu-kvm-rhev (RHSA-2015:0643)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0643 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the...

CVSS 4.6 · AI score 7.4 · EPSS 0.00603 · Exploits 0 · References 4
Tenable Nessus · added 2024/11/04 12:00 a.m. · 14 views

RHEL 6 : mariadb-galera (RHSA-2014:1937)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1937 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master clust...

CVSS 6.8 · AI score 7.8 · EPSS 0.14784 · Exploits 1 · References 43
SUSE CVE · added 2024/11/02 3:55 a.m. · 1 view

SUSE CVE-2024-38365

btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client versions 0.10 to 0.24 did not correctly re-implement Bitcoin Core's "FindAndDelete" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can...

CVSS 8.1 · AI score 6.8 · EPSS 0.01022 · Exploits 0 · References 5
Positive Technologies · added 2024/11/01 12:00 a.m. · 2 views

PT-2024-30336 · Unknown · Amp For Wp

Name of the Vulnerable Software and Affected Versions: AMP for WP versions 1.0.96.1 and earlier. Description: The issue affects AMP for WP due to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions...

CVSS 6.3 · AI score 6.6 · EPSS 0.00376 · Exploits 0 · References 3
Positive Technologies · added 2024/11/01 12:00 a.m. · 3 views

PT-2024-30818 · Unknown · Memberpress

Name of the Vulnerable Software and Affected Versions: Memberpress versions 1.11.34 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.11.34 and earlier,...

CVSS 9.8 · AI score 6.5 · EPSS 0.00427 · Exploits 0 · References 4
Positive Technologies · added 2024/10/30 12:00 a.m. · 4 views

PT-2024-34630 · Ethereum · Ethereum

Name of the Vulnerable Software and Affected Versions: PepeGxng smart contract, affected versions not specified; Ethereum version 1.12.2. Description: An issue in the PepeGxng smart contract, which can be run on the Ethereum blockchain, allows remote attackers to have an unspecified impact via the...

CVSS 9.8 · AI score 8.2 · EPSS 0.00631 · Exploits 0 · References 5
Positive Technologies · added 2024/10/30 12:00 a.m. · 4 views

PT-2024-24326 · Engenius · Engenius Esr580

Name of the Vulnerable Software and Affected Versions: EnGenius ESR580 A8J-EMR5000 devices, affected versions not specified. Description: The issue allows a remote attacker to conduct stored XSS attacks, potentially leading to arbitrary JavaScript code execution under the context of the user's...

CVSS 4.3 · AI score 6.4 · EPSS 0.00431 · Exploits 0 · References 4
Positive Technologies · added 2024/10/28 12:00 a.m. · 4 views

PT-2024-34279 · Unknown · Cozy Blocks

Name of the Vulnerable Software and Affected Versions: Cozy Blocks versions 2.0.18 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For version...

CVSS 6.5 · AI score 5.6 · EPSS 0.00239 · Exploits 0 · References 4
OSV · added 2024/10/25 11:09 a.m. · 2 views

OESA-2024-2299 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content...

CVSS 5.3 · AI score 6.8 · EPSS 0.0326 · Exploits 1 · References 4
OSV · added 2024/10/25 11:09 a.m. · 2 views

OESA-2024-2298 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content...

CVSS 5.3 · AI score 6.8 · EPSS 0.0326 · Exploits 1 · References 4
Positive Technologies · added 2024/10/20 12:00 a.m. · 5 views

PT-2024-33431 · Unknown · Cooked Pro

Name of the Vulnerable Software and Affected Versions: Cooked Pro versions prior to 1.8.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This problem involves CSRF attacks. Recommendations: For versions prior to 1.8.0, update to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00204 · Exploits 0 · References 8
OSSF Malicious Packages · added 2024/10/16 11:59 p.m. · 6 views

Malicious code in down-lo-ad-now-zip-mp3-7514-tapestry-fqgk2-jvvwtn (npm)

Source: ghsa-malware (9e313ea5904ea6421f91d9c6bd2eec5d8a7571283640ee280aa882e8eb90fa44). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9 · Exploits 0 · References 1
OSV · added 2024/10/14 7:45 p.m. · 0 views

GHSA-G77X-44XX-532M Denial of Service condition in Next.js image optimization

Impact: The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Not affected: the next.config.js file is configured with images.unoptimized set to true or images.loader set to...

CVSS 8.2 · AI score 7.2 · EPSS 0.00737 · Exploits 1 · References 4