CVE-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVE-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

GitLab 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-8311)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

PT-2024-21894 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab-EE versions 13.3 through 17.1.7 GitLab-EE versions 17.2 through 17.2.5 GitLab-EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab-EE that would allow an attacker to modify an on-demand DAST scan without...

GitLab 13.3 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-2743)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without...

NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2024-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - It was possible to construct specific XSLT markup that woul...

PT-2024-21871 · Samsung · Exynos

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330 Description: An issue was discovered in the function slsi get scan extra ies, where there is no input validation check on default ies coming from userspace, which can lea...

The vulnerability of the scanning function for web interface ports in the Roxy-WI server management solutions Haproxy, Nginx, Apache, and Keepalived allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the scanning function of the Roxy-WI web interface for Haproxy, Nginx, Apache, and Keepalived exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges by sendi...

Fedora 40 : thunderbird (2024-a27e8b69a0)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a27e8b69a0 advisory. Update to 128.2.0 https://www.thunderbird.net/en-US/thunderbird/128.2.0esr/releasenotes/ Tenable has extracted the preceding description block...

PT-2024-8676 · Trend Micro · Trend Micro Antivirus

Name of the Vulnerable Software and Affected Versions: Trend Micro Antivirus One versions 3.10.4 and below Description: The issue is related to insufficient input validation, which could allow an attacker to bypass virus scan detection using a specifically crafted virus. This could potentially be...

EtherPAD Duo Login Bruteforce Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EtherPAD Duo Login Bruteforce Utility', 'Description' = % This module scans for EtherPAD Duo login portal, and performs a login bruteforce attack...

TCP SYN Port Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TCP SYN Port Scanner', 'Description' = %q Enumerate open TCP services using a raw SYN scan. , 'Author' = 'kris katterjohn', 'License' = MSFLICENS...

Juniper SSH Backdoor Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' class MetasploitModule 'Juniper SSH Backdoor Scanner', 'Description' = %q This module scans for the Juniper SSH backdoor also valid on Telnet. Any...

PocketPAD Login Bruteforce Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PocketPAD Login Bruteforce Force Utility', 'Description' = % This module scans for PocketPAD login portal, and performs a login bruteforce attack...

Tomcat UTF-8 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat UTF-8 Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal vulnerability is present in...

GHSA-9CFV-9463-8GQV freewvs vulnerable to denial of service through large files

Impact A user could create a large file that freewvs will try to read, which will terminate a scan process. Patches This has been patched by limiting the data freewvs reads: https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2...

freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

GHSA-7PMH-VRWW-25XX freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

Fedora 40 : webkit2gtk4.0 (2024-1f1c0537d3)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1f1c0537d3 advisory. Update to 2.44.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

August 27, 2024—KB5041587 (OS Builds 22621.4112 and 22631.4112) Preview

August 27, 2024—KB5041587 OS Builds 22621.4112 and 22631.4112 Preview 07/09/24---END OF SERVICE NOTICE ---IMPORTANT Home and Pro editions of Windows 11, version 22H2 will reach end of service on October 8, 2024. Until then, these editions will only receive security updates. They will not receive...