Lucene search

8014 matches found

Tenable Nessus
added 2023/11/14 12:0 a.m. | 34 views

Security Updates for Azure CLI (November 2023)

The Azure CLI is missing security updates. It is, therefore, affected by an Information Disclosure vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

8.6 CVSS | 7.6 AI score | 0.21542 EPSS
Exploits 0 | References 2

Rapid7 Blog
added 2023/11/10 6:59 p.m. | 90 views

Metasploit Weekly Wrap-Up

Apache MQ and Three Cisco Modules in a Trenchcoat This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ resulting in ransomware deployment and CVE-2023-20198 targeting Cis...

7.5 CVSS | 9.3 AI score | 0.99654 EPSS
Exploits 73

0day.today
added 2023/11/10 12:0 a.m. | 489 views

Cisco IOX XE unauthenticated Command Line Interface Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...

10 CVSS | 7.4 AI score | 0.99571 EPSS
Exploits 26

vulnersOsv
added 2023/11/09 6:34 p.m. | 4 views

esp-flasher (>=1.1.1 <=1.1.2), esphome (>=1.12.0 <=2023.12.9) +15 more potentially affected by CVE-2023-46894 via esptool (>=2.6.0 <=4.6.2)

esptool PYPI version =2.6.0, =1.1.1, =1.12.0, =1.1.0, =0.1.0, =0.1.0, =1.0.106, =1.19.0, =1.20.3, =0.2.0, =0.1.1.dev1, =0.6.0, =0.1.0, =0.24.0, =1.0.3, =1.0.1, =1.0.180 and more Source cves: CVE-2023-46894 Source advisory: OSV:GHSA-3F38-96QM-R3FW...

7.5 CVSS | 6.7 AI score | 0.00476 EPSS
Exploits 1

OSV
added 2023/11/09 2:33 a.m. | 3 views

SUSE-SU-2023:4387-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to prevent testsuite fails - Improve salt.utils.json.findjson to avoid fails bsc1213293 - Use salt-call from sal...

6.7 CVSS | 6.9 AI score | 0.00187 EPSS
Exploits 0 | References 6

Fedora
added 2023/11/09 1:22 a.m. | 14 views

[SECURITY] Fedora 39 Update: podman-4.7.2-1.fc39

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

7.7 AI score
Exploits 0

Tenable Nessus
added 2023/11/09 12:0 a.m. | 33 views

NewStart CGSL MAIN 6.06 : containerd.io Multiple Vulnerabilities (NS-SA-2023-0139)

The remote NewStart CGSL host, running version MAIN 6.06, has containerd.io packages installed that are affected by multiple vulnerabilities: - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes...

7 AI score | 0.00457 EPSS
Exploits 2 | References 5

Metasploit
added 2023/11/08 7:50 p.m. | 626 views

Cisco IOX XE unauthenticated Command Line Interface (CLI) execution

This module leverages CVE-2023-20198 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary CLI commands with privilege level 15. You must specify the IOS command mode to execute a CLI command in. Valid modes are user, privileged, and...

10 CVSS | 8.9 AI score | 0.99571 EPSS
Exploits 26

RedHat Linux
added 2023/11/08 10:41 a.m. | 67 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

7.5 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits 19 | References 9

RedHat Linux
added 2023/11/08 10:40 a.m. | 38 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

7.5 CVSS | 7.1 AI score | 0.03796 EPSS
Exploits 0 | References 14

RedHat Linux
added 2023/11/08 10:25 a.m. | 39 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.42 security and extras update

Red Hat OpenShift Container Platform release 4.12.42 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...

7.5 CVSS | 7.1 AI score | 0.03796 EPSS
Exploits 0 | References 3

RedHat Linux
added 2023/11/08 1:10 a.m. | 47 views

Important: Red Hat Security Advisory: openshift-pipelines-client security update

An update for openshift-pipelines-client is now available for OpenShift-Pipelines-1.11-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits 19 | References 6

Tenable Nessus
added 2023/11/07 12:0 a.m. | 37 views

RHEL 9 : runc (RHSA-2023:6380)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6380 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...

7.8 CVSS | 6.8 AI score | 0.01663 EPSS
Exploits 3 | References 14

Tenable Nessus
added 2023/11/07 12:0 a.m. | 29 views

Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

9.8 CVSS | 7.9 AI score | 0.69062 EPSS
Exploits 8 | References 21

Fedora
added 2023/11/06 1:37 a.m. | 18 views

[SECURITY] Fedora 38 Update: podman-4.7.2-1.fc38

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

7.7 AI score
Exploits 0

Tenable Nessus
added 2023/11/06 12:0 a.m. | 32 views

Rocky Linux 8 : nodejs:10 (RLSA-2020:0579)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0579 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...

9.8 CVSS | 7.4 AI score | 0.57132 EPSS
Exploits 2 | References 13

Tenable Nessus
added 2023/11/06 12:0 a.m. | 40 views

Rocky Linux 8 : nodejs:12 (RLSA-2020:4272)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4272 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

7.8 CVSS | 7.6 AI score | 0.05093 EPSS
Exploits 1 | References 10

Tenable Nessus
added 2023/11/04 12:0 a.m. | 22 views

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2023-405)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-405 advisory. RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file CVE-2023-5371 Tenable has extracted the preceding...

6.5 CVSS | 6.3 AI score | 0.00485 EPSS
Exploits 1 | References 4

RedHat Linux
added 2023/11/03 8:48 a.m. | 67 views

Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update

Red Hat OpenShift Serverless 1.30.2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

7.5 CVSS | 7 AI score | 0.99999 EPSS
Exploits 19 | References 7

OSV
added 2023/11/02 4:15 p.m. | 26 views

CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHPCLISERVERWORKERS to a large value leads to a heap buffer overflow...

5.5 CVSS | 7.3 AI score | 0.00367 EPSS
Exploits 0 | References 4