IBM Concert Encryption Issue Vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...
AlmaLinux 9 : pam (ALSA-2024:11250)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:11250 advisory. pam: libpam: Libpam vulnerable to read hashed password CVE-2024-10041 Tenable has extracted the preceding description block directly from the AlmaLinux security...
Hush Line Security Vulnerability
Hush Line is a free open source anonymous tip line service from Science & Design Open Source. A security vulnerability exists in Hush Line version 0.1.0 through versions prior to 0.3.5, which stems from a production server misconfiguration that does not provide any content security policy or...
Fedora 41 : mingw-qt5-qt3d / mingw-qt5-qtactiveqt / mingw-qt5-qtbase / etc (2024-02ccd4daed)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-02ccd4daed advisory. Update to qt-5.15.12. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Unauthorized User Registration Bypass
github.com/zitadel/zitadel is vulnerable to unauthorized user registration bypass. This vulnerability is due to a missing security check when the "User Registration allowed" option is disabled, which hides the registration button but does not block direct access to the registration URL...
ZITADEL Authorization Issue Vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from an authorization issue vulnerability that stems from a missing security check that allows...
CVE-2024-30122
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers...
Oracle Linux 9 : python3.11 (ELSA-2024-8374)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8374 advisory. 3.11.7-1.6 - Security fix for CVE-2024-6232 Resolves: RHEL-57411 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 9 : fence-agents (ELSA-2024-6726)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6726 advisory. 4.10.0-62.5 - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-49657 Tenable has extracted the preceding description block directly from the Oracle Linux...
Fedora 40 : python3.11 (2024-985017d277)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-985017d277 advisory. Security fix for CVE-2024-8088 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
Fedora 39 : python-setuptools (2024-9ed182a5d3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9ed182a5d3 advisory. Security fix for CVE-2024-6345. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34377)
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from a missing security flag in a session cookie associated with the router's web management interface. An attacker could exploit thi...
CGA-PQH2-C7R9-W3C6
Bulletin has no description...
Oracle Linux 9 : buildah (ELSA-2024-4371)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4371 advisory. - rebuild for CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
WordPress Plugin Logo Manager For Enamad Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-30119
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
Rocky Linux 9 : fence-agents (RLSA-2024:3820)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3820 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Tenable has extracted the preceding description block directly from the Rocky Linux...
Oracle Linux 9 : less (ELSA-2024-3513)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3513 advisory. - Fix CVE-2024-32487 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
PYSEC-2024-296
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web...