1153 matches found
CVE-2024-56800
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-55946
Summary (CVE-2024-55946): Playloom Engine (Engine Beta v0.0.1) has a data-storage privacy vulnerability in collaboration features, risking exposure of personal information entered by users when collaborating with others. The issue is being addressed by temporarily disabling the collaboration feat...
CVE-2024-55946 Playloom Engine Data Storage Vulnerability
Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-47699)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47699 advisory. - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-49949)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49949 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in...
CVE-2024-36621 affecting package moby-engine for versions less than 25.0.3-8
CVE-2024-36621 affecting package moby-engine for versions less than 25.0.3-8. A patched version of the package is available...
Defense-in-Depth Security Updates for Microsoft Project (December 2024)
The Microsoft Project products are missing defense-in-depth security updates to help improve security-related features. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Security Updates for Microsoft Excel Products (December 2024)
The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-49069) Note that Nessus has no...
OESA-2024-2490 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High (Considerable Impact, and Possible Likelihood per ACMv1.2) Affected versions: cosmossdk.io/math package versions Note: When on a lower version than cosmossdk.io/math...
Oracle Linux 8 : python3.12 (ELSA-2024-8836)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8836 advisory. 3.12.6-1 - Update to 3.12.6 Resolves: RHEL-57405 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001361 fixes several issues. The following security issues were fixed: CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)...
UBUNTU-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
Multiple SQL injection vulnerabilities in Trend Micro Deep Discovery Inspector
Overview Trend Micro Incorporated has released a security update for Trend Micro Deep Discovery Inspector. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Information disclosure due to multiple SQL injection vulnerabilities...
AZL-50646 CVE-2024-47756 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially results in a NULL dereference. Thus, fix the if-statement expression to use the correct condition...
PT-2024-39595 · WordPress · Bulk Images Optimizer
Name of the Vulnerable Software and Affected Versions: The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to a missing capability check on the save configuration function, allowing...
GHSA-68J8-FP38-P48Q Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
Impact The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a Server Side...
PT-2024-28346 · Unknown · Smart Tyre Car & Bike
Name of the Vulnerable Software and Affected Versions: SMART TYRE CAR & BIKE version 4.2.0 Description: The issue allows attackers to perform a man-in-the-middle attack via Bluetooth communications. Recommendations: For SMART TYRE CAR & BIKE version 4.2.0, consider disabling Bluetooth...
Release Information for Veeam Backup for Microsoft Azure 7 Cumulative Patches
Requirements Please confirm that you are running version Veeam Backup for Microsoft Azure v7 build 7.0.0.467 or later before upgrading. You can find the currently installed build number (Product version) in the About section under Configuration | Support Information | Updates. After installing Veea...
Vulnerability fixed in Sonicwall SonicOS
Sonicwall has fixed a vulnerability in SonicOS for Gen5, Gen6 and Gen7 firewalls. The vulnerability is located in the management interface and SSLVPN and allows a malicious party to cause a Denial-of-Service and potentially access and modify system data. The NCSC is receiving signals from trusted...