Lucene search
14829 matches found

CVE
added 2024/07/26 7:44 p.m. | 53 views

CVE-2024-38508

Lenovo XClarity Controller (XCC) web interface or SSH captive command shell interface contains a privilege-escalation vulnerability (CVE-2024-38508). An authenticated XCC user with elevated privileges can perform arbitrary code execution by sending a specially crafted request. IBM’s advisory for ...

CVSS 7.2 | AI score 7.6 | EPSS 0.01006
Exploits: 0 | References: 1
OpenVAS
added 2024/07/26 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-2067)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.8 | AI score 7.5 | EPSS 0.02106
Exploits: 0 | References: 2
NVD
added 2024/07/24 4:15 p.m. | 27 views

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 (fixed in version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

CVSS 8.8 | EPSS 0.00608
Exploits: 0 | References: 3
OSV
added 2024/07/24 3:15 p.m. | 4 views

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...

CVSS 7.2 | AI score 6.1 | EPSS 0.00534
Exploits: 0 | References: 3
NVD
added 2024/07/24 3:15 p.m. | 19 views

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...

CVSS 7.5 | EPSS 0.00534
Exploits: 0 | References: 3
Cvelist
added 2024/07/24 12:0 a.m. | 25 views

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...

EPSS 0.00534
Exploits: 0 | References: 3
CVE
added 2024/07/24 12:0 a.m. | 73 views

CVE-2024-31970

The CVE-2024-31970 entry concerns AdTran SRG 834-5 HDC17600021F1 devices running SmartOS prior to 12.1.3.1. The root cause is hardcoded SSH credentials (admin/admin) used during a setup window, granting root-level privileges and enabling an attacker to modify the admin account or create a new one...

CVSS 8.8 | AI score 9.8 | EPSS 0.00608
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2024/07/24 12:0 a.m. | 37 views

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 (fixed in version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

EPSS 0.00608
Exploits: 0 | References: 3
CVE
added 2024/07/24 12:0 a.m. | 57 views

CVE-2024-39345

The CVE-2024-39345 issue affects AdTran 834-5 HDC17600021F1 devices running SmartOS 11.1.1.1, with a hidden, undocumented hard-coded support account whose password derives from the device MAC. Because all internet-facing interfaces share similar MACs differing only in the final octet, an attacker...

CVSS 7.5 | AI score 8.1 | EPSS 0.00534
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/07/24 12:0 a.m. | 19 views

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...

AI score 7.7 | EPSS 0.00534
Exploits: 0 | References: 3
Vulnrichment
added 2024/07/24 12:0 a.m. | 14 views

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 (fixed in version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

AI score 9.2 | EPSS 0.00608
Exploits: 0 | References: 3
Tenable Nessus
added 2024/07/24 12:0 a.m. | 20 views

Photon OS 5.0: Gnutls PHSA-2024-5.0-0182

An update of the gnutls package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0182. The text itself is copyright (C) VMware, Inc...

CVSS 5.9 | AI score 7 | EPSS 0.01257
Exploits: 0 | References: 2
The Hacker News
added 2024/07/23 10:12 a.m. | 14 views

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, t...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2024/07/23 12:0 a.m. | 31 views

Photon OS 2.0: Openssh PHSA-2019-2.0-0159

An update of the openssh package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0159. The text itself is copyright (C) VMware, Inc...

CVSS 6.8 | AI score 7.5 | EPSS 0.58204
Exploits: 9 | References: 3
Tenable Nessus
added 2024/07/23 12:0 a.m. | 28 views

EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2024-2062)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some...

CVSS 9.8 | AI score 7.4 | EPSS 0.02106
Exploits: 0 | References: 7
Tenable Nessus
added 2024/07/22 12:0 a.m. | 22 views

Photon OS 3.0: Linux PHSA-2020-3.0-0152

An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0152. The text itself is copyright (C) VMware, Inc...

CVSS 7.8 | AI score 7.3 | EPSS 0.00418
Exploits: 1 | References: 2
OSV
added 2024/07/19 11:8 a.m. | 5 views

OESA-2024-1870 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

CVSS 7 | AI score 8.2 | EPSS 0.27935
Exploits: 1 | References: 2
Tenable Nessus
added 2024/07/19 12:0 a.m. | 43 views

Oracle MySQL Cluster (Jul 2024 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.37 and prior and 8.4.0...

CVSS 7.5 | AI score 6.7 | EPSS 0.94072
Exploits: 7 | References: 6
RedHat Linux
added 2024/07/18 7:25 p.m. | 25 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.15.3 Images security update

Red Hat OpenShift Virtualization release 4.15.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which giv...

CVSS 5.9 | AI score 7 | EPSS 0.94072
Exploits: 4 | References: 17
CVE
added 2024/07/18 5:5 p.m. | 69 views

CVE-2024-40628

CVE-2024-40628, JumpServer arbitrary file read: The vulnerability arises from exploiting an ansible playbook to read files inside the celery container, which runs as root and has database access. This can lead to sensitive data disclosure, theft of host secrets, creation of admin JumpServer accou...

CVSS 10 | AI score 9.2 | EPSS 0.00861
Exploits: 0 | References: 2 | Affected Software: 1