723 matches found
RHEL 7 : java-11-openjdk (RHSA-2024:0232)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0232 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...
RHEL 8 : java-11-openjdk (RHSA-2024:0234)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0234 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...
libuv: Buffer Overread
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uvidnatoascii function before reading and manipulating the memory at that address. Impact The overread can resu...
[SECURITY] Fedora 38 Update: python3.12-3.12.1-2.fc38
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
libssh: Multiple Vulnerabilities
Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
CVE-2023-48488 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes
Summary Multiple issues were identified in Red Hat UBI packages, Kubernetes and go-toolset are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a...
Important: python27
Issue Overview: An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python27 Issue Correction: Run yum update python27 or yum update...
GLSA-202310-14 : libinput: format string vulnerability when using xf86-input-libinput
The remote host is affected by the vulnerability described in GLSA-202310-14 libinput: format string vulnerability when using xf86-input-libinput - A format string vulnerability was found in libinput CVE-2022-1215 Note that Nessus has not tested for this issue but has instead relied only on the...
Amazon Corretto Java 11.x < 11.0.21.9.1 Vulnerability
The version of Amazon Corretto installed on the remote host is prior to 11 11.0.21.9.1. It is, therefore, affected by a vulnerability as referenced in the corretto-11-2023-Oct-17 advisory. - security-libs/javax.net.ssl CVE-2023-22081 Note that Nessus has not tested for this issue but has instead...
libvpx: Multiple Vulnerabilities
Background libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file. Description Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
libsndfile: Multiple Vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
[SECURITY] Fedora 38 Update: python3.10-3.10.13-1.fc38
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator
Summary Multiple issues were identified in Red Hat UBI packages systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. IBM has addressed the vulnerabilities. Vulnerability Details...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-306)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-306 advisory. Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence. Impact summary: Applications tha...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset
Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...
Malicious code in awell-libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f22989168c34b37227bb7bcfe0b03c27cd141f8ec26d34a78a0c0ba06553f881 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
CVE-2023-37276
A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...
WordPress Ninja Libs Amazon SES Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Libs Amazon SES Type Plugin Vulnerable versions = 0.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9135775f08e1 Credits Rafie Muhammad Patchstack...
Amazon Corretto Java 17.x < 17.0.8.7.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17 17.0.8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2023-Jul-18 advisory. - core-libs/java.net CVE-2023-22006 - core-libs/java.util CVE-2023-22036 - hotspot/compiler...