16955 matches found
VICIdial 2.14-917a SQL Injection Vulnerability
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...
VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
VICIdial Authenticated Remote Code Execution
Vulnerability Details: Affected Vendor: VICIdial; Affected Product: VICIdial; Affected Version: 2.14-917a; Platform: GNU/Linux; CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CVE ID: CVE-2024-8504. 2. Vulnerability Description An...
ALSA-2024:6510 Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331). For mor...
Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fixes: emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331). For mor...
RHEL 9 : emacs (RHSA-2024:6510)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6510 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the...
The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux systems allows a hacker to trigger a service failure.
The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures when changing the userPassword parameter using improperly...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)
Summary: IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details: CVEID: CVE-2023-5981. DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel issue during RSA-PSK key exchange. B...
Moderate: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Moderate: wget security update
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior (CVE-2024-38428). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
RHEL 8 : emacs (RHSA-2024:6203)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6203 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the...
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2024-2279)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2024-2258)
The remote host is missing an update for the Huawei EulerOS...
GNU gettext cross-site scripting vulnerability
GNU gettext is an open source package for writing multilingual programs from the GNU community in the United States. A cross-site scripting vulnerability exists in GNU gettext, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-2236)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-2212)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server
Summary: GNU Binutils is used by IBM Netezza Performance Server. IBM Netezza Performance Server has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-48063. DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in t...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-2137)
The remote host is missing an update for the Huawei EulerOS...
PT-2024-9089
Name of the Vulnerable Software and Affected Versions: GNU Emacs versions through 30.0.92. Description: The issue is related to the elisp-completion-at-point function in GNU Emacs, which can trigger unsafe Lisp macro expansion when used on untrusted Emacs Lisp source code. This allows attackers to...