6323 matches found

OpenVAS
added 2024/02/22 12:0 a.m. | 54 views

Ubuntu: Security Advisory (USN-6648-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

7.8 CVSS | 6.9 AI score | 0.01999 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2024/02/22 12:0 a.m. | 28 views

Ubuntu: Security Advisory (USN-6584-2)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

9.8 CVSS | 9.6 AI score | 0.09643 EPSS
Exploits: 2 | References: 2
Prion
added 2024/02/21 9:15 p.m. | 16 views

SQL injection

SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in exportskos.php...

9 AI score | 0.00919 EPSS
Exploits: 1 | References: 1
Ubuntu
added 2024/02/21 10:40 a.m. | 33 views

USN-6584-2: Libspf2 vulnerabilities

USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS. We apologize for the inconvenience. Original advisory details: Philipp Jeitner and Haya Shulman discovered...

9.8 CVSS | 8.4 AI score | 0.09643 EPSS
Exploits: 2
Cvelist
added 2024/02/21 12:0 a.m. | 16 views

CVE-2024-25249

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

7.9 AI score | 0.01481 EPSS
Exploits: 0 | References: 3
Zero Day Initiative
added 2024/02/21 12:0 a.m. | 29 views

Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8 CVSS | 7.5 AI score | 0.00238 EPSS
Exploits: 0 | References: 1
Prion
added 2024/02/20 6:15 p.m. | 24 views

Cross site scripting

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...

5.5 CVSS | 6.3 AI score | 0.00471 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/02/20 12:0 a.m. | 15 views

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

7.8 AI score | 0.00783 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/02/20 12:0 a.m. | 17 views

CVE-2024-22824

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component...

7.8 AI score | 0.01059 EPSS
Exploits: 1 | References: 1
Kaspersky
added 2024/02/20 12:0 a.m. | 26 views

KLA64089 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of...

8.1 CVSS | 9.4 AI score | 0.00937 EPSS
Exploits: 1 | References: 3
IBM Security Bulletins
added 2024/02/19 11:3 a.m. | 35 views

Security Bulletin: IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133

Summary IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary cod...

9.3 CVSS | 8.8 AI score | 0.0052 EPSS
Exploits: 0 | Affected Software: 1
CNVD
added 2024/02/19 12:0 a.m. | 7 views

SAP ABA Code Injection Vulnerability

SAP ABA Application Basis is an application transaction management system developed by SAP. A code injection vulnerability exists in the SAP ABA Application Basis interface, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the...

9.1 CVSS | 7.9 AI score | 0.01079 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/02/17 12:0 a.m. | 12 views

CVE-2024-25298

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php...

7.5 AI score | 0.01108 EPSS
Exploits: 1 | References: 1
Ubuntu
added 2024/02/15 3:33 a.m. | 58 views

USN-6639-1: Linux kernel (OEM) vulnerabilities

It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was...

7.8 CVSS | 7.2 AI score | 0.01999 EPSS
Exploits: 0
IBM Security Bulletins
added 2024/02/14 2:19 p.m. | 36 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system [CVE-2023-46604]

Summary Apache ActiveMQ is used by the IBM Datapower Operations Dashboard in its messaging infrastructure. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could all...

10 CVSS | 9.7 AI score | 0.99654 EPSS
Exploits: 31 | Affected Software: 1
Prion
added 2024/02/08 9:15 a.m. | 12 views

Open redirect

Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code...

8.2 AI score | 0.00561 EPSS
Exploits: 1 | References: 1
OSV
added 2024/02/08 5:15 a.m. | 10 views

CVE-2024-24202

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8 CVSS | 7.8 AI score
Exploits: 0 | References: 1
Ubuntu
added 2024/02/05 1:2 p.m. | 375 views

USN-6592-2: libssh vulnerabilities

USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this...

5.3 CVSS | 7 AI score | 0.01421 EPSS
Exploits: 0
Tenable Nessus
added 2024/02/03 12:0 a.m. | 44 views

SUSE SLES12: libpmi0 / libslurm31 / perl-slurm / slurm / slurm-auth-none / etc (SUSE-SU-2024:0315-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0315-1 advisory. - CVE-2023-49933: Fixed a message extension attack that could bypass the message hash (bsc#1218046). - CVE-2023-49936: Fixed a NULL...

9.8 CVSS | 7.6 AI score | 0.01375 EPSS
Exploits: 0 | References: 13
Tenable Nessus
added 2024/02/01 12:0 a.m. | 41 views

SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm35 / perl-slurm / slurm / etc (SUSE-SU-2024:0287-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0287-1 advisory. Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) - CVE-2023-49936: Prevent NU...

9.8 CVSS | 7.3 AI score | 0.01375 EPSS
Exploits: 0 | References: 14