160 matches found
Fedora 40 : firefox (2024-db72f480e8)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-db72f480e8 advisory. - New upstream version 131.0.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2024-0066)
The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - It was possible to construct specific XSLT markup that woul...
Fedora 39 : xrdp (2024-41c1bf8de6)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-41c1bf8de6 advisory. Release notes for xrdp v0.10.1 2024/07/31 General announcements A clipboard bugfix included in this release is sponsored by Krmer Pferdesport GmbH & Co KG. W...
NVIDIA CUDA Toolkit < 12.6 (July 2024)
The version of NVIDIA CUDA Toolkit installed on the remote host is prior to 12.6. It is, therefore, affected by a denial of service vulnerability as referenced in the July 2024 advisory. An unauthenticated, local attacker, can exploit this, by deceiving a user into reading a malformed ELF file, t...
AlmaLinux 8 : nghttp2 (ALSA-2024:4252)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4252 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Ness...
Fedora 39 : python3.6 (2024-18b9c9b9cf)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-18b9c9b9cf advisory. Security fix for CVE-2024-0450 and CVE-2023-6597 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Jira - CVE-2024-22243
h3. Issue Summary We have several Customers waiting for a response about the vulnerability CVE-2024-22243|https://nvd.nist.gov/vuln/detail/CVE-2024-22243, if it affects Atlassian products, in particular, Jira Data Center. h3. Steps to Reproduce Run Generic Security Scan Tool h3. Expected Results...
BIT-GITLAB-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
Microsoft Azure Detected
This is an informational notice that the scanner was able to detect that the target application is using a Microsoft Azure service. No source data...
OpenCMS Unauthenticated XXE Vulnerability (CVE-2023-42344)
OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0. About CVE-2023-42344 CVE-2023-42344 is a critical vulnerability where users can execute code...
Associated Press, ESPN, CBS among top sites serving fake virus alerts
ScamClub is a threat actor whos been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their...
Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. PoC Send 5 invalid login requests and thus block the IP address. POST /wp-login.php HTTP/1.1 Host: localhost...
CVE-2023-3932
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...
GitLab Releases Urgent Security Patches for Critical Vulnerability
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 CVSS score: 9.6, impacts all versions of GitLab Enterprise Edition EE starting from 13.12 and prior to 16.2.7 as well as from 16.3 and befor...
CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009
CVE-2023-5009 affects GitLab EE versions 13.12–before 16.2.7 and 16.3–before 16.3.4. An attacker could run pipeline jobs as an arbitrary user via scheduled security scan policies, bypassing CVE-2023-3932 and adding impact. The issue is described as a bypass of CVE-2023-3932 with additional impact...
CVE-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...