CVE | added 2024/05/31 8:06 p.m. | 65 views

CVE-2024-34001

CVE-2024-34001 corresponds to a Moodle CSRF risk in the admin preset tool management of presets, arising from a missing token in actions performed by admins. The issue is documented across multiple sources (NVD/GHSA/OSV) and is described as a CSRF vulnerability without details about affected Mood...

CVSS 8.4 | AI score 8.3 | EPSS 0.00321
Exploits 0 | References 1 | Affected software 1
Rapid7 Blog | added 2024/05/31 6:34 p.m. | 19 views

New! Insight Agent Support for ARM-based Windows in InsightVM

We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...

AI score 7.1
Exploits 0
Fedora | added 2024/05/29 3:37 a.m. | 17 views

[SECURITY] Fedora 40 Update: zeal-0.7.0-10.fc40

Zeal is a simple offline documentation browser inspired by Dash...

CVSS 9.8 | AI score 6.2 | EPSS 0.0097
Exploits 0
NVD | added 2024/05/27 4:15 p.m. | 43 views

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 8.1 | EPSS 0.03592
Exploits 0 | References 3
Vulnrichment | added 2024/05/27 4:11 p.m. | 17 views

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 6.6 | EPSS 0.03592
Exploits 0 | References 3
Tenable Nessus | added 2024/05/27 12:00 a.m. | 27 views

openSUSE 15 Security Update : cJSON (openSUSE-SU-2024:0139-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0139-1 advisory. - Update to 1.7.18: CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring (boo#1223420). Remove non-functional list handling of compiler...

CVSS 7.6 | AI score 6.5 | EPSS 0.01508
Exploits 3 | References 10
UbuntuCve | added 2024/05/21 4:15 p.m. | 17 views

CVE-2023-52743

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue. When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to the ice driver workqueue being allocated with the WQ_MEM_RECLAIM flag a...

CVSS 5.5 | AI score 6.2 | EPSS 0.00239
Exploits 0 | References 7
NVD | added 2024/05/21 3:15 p.m. | 19 views

CVE-2021-47413

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle. When passing 'phys' in the devicetree to describe the USB PHY phandle, which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt, the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00222
Exploits 0 | References 3
OSV | added 2024/05/20 6:09 p.m. | 5 views

SUSE-SU-2024:1703-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: PostgreSQL upgrade to version 14.12 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 1...

CVSS 4.3 | AI score 6.8 | EPSS 0.00722
Exploits 0 | References 4
OSV | added 2024/05/18 12:51 p.m. | 3 views

OPENSUSE-SU-2024:0130-1 Security update for git-cliff

This update for git-cliff fixes the following issues: - update to 2.2.2: changelog: Allow adding custom context; changelog: Ignore empty lines when using split_commits; parser: Allow matching empty commit body; Documentation updates. - update to 2.2.1: Make rendering errors more verbose; Support detecting...

CVSS 7.5 | AI score 7.2 | EPSS 0.00949
Exploits 0 | References 3
OSV | added 2024/05/15 9:12 p.m. | 10 views

GHSA-CG84-55JX-4237 eZ Platform Password reset vulnerability

This Security Update fixes a severe vulnerability in the eZ Platform Admin UI, and we recommend that you install it as soon as possible. It affects eZ Platform 2.x. The functionality for resetting a forgotten password is vulnerable to brute force attack. Depending on configuration and other...

AI score 7.3
Exploits 0 | References 4
Citrix | added 2024/05/15 12:00 a.m. | 30 views

How to Enable Logging for Citrix Director

This article contains information about logging for Citrix Director. To learn about Citrix Director, please visit Citrix Documentation - Director...

AI score 6.8
Exploits 0
OSV | added 2024/05/14 3:11 p.m. | 8 views

AZL-40523 CVE-2024-27281 affecting package ruby for versions less than 3.3.3-1

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

CVSS 4.5 | AI score 7.3 | EPSS 0.01571
Exploits 0 | References 1
OSV | added 2024/05/14 3:11 p.m. | 5 views

UBUNTU-CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

CVSS 4.5 | AI score 7.3 | EPSS 0.01571
Exploits 0 | References 5
Microsoft CVE | added 2024/05/14 7:00 a.m. | 4 views

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.

...

CVSS 4.5 | AI score 9.3 | EPSS 0.01571
Exploits 0
Circl | added 2024/05/14 4:00 a.m. | 6 views

CVE-2024-4761

| creation timestamp | type | source |
|---|---|---|
| 2024-05-14 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1288 |
| 2024-05-14 11:47:02+00:00 | exploited | https://t.me/itsecnews/4426 |
| 2024-05-14 12:13:04+00:00 | seen | https://t.me/truesecator/5729 |
| 2024-05-14 14:15:15+00:00 | exploited | ... |

CVSS 8.8 | AI score 7.5 | EPSS 0.11007
Exploits 2 | References 22
IBM Security Bulletins | added 2024/05/13 2:27 p.m. | 35 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

CVSS 7.5 | AI score 5.2 | EPSS 0.01361
Exploits 0 | Affected software 1
Tenable Nessus | added 2024/05/11 12:00 a.m. | 39 views

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - tomcat: HTTP request smuggli...

AI score 8 | EPSS 0.71653
Exploits 26 | References 10
F5 Networks | added 2024/05/10 1:02 p.m. | 31 views

K000139577: Node.js vulnerability CVE-2024-21890

Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading...

CVSS 6.5 | AI score 6.4 | EPSS 0.00945
Exploits 0
NVD | added 2024/05/07 9:15 p.m. | 17 views

CVE-2024-34346

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

CVSS 9 | AI score 8.4 | EPSS 0.00368
Exploits 0 | References 1