CVE-2024-53273

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in RegisterLoginReset.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious...

PT-2024-16335 · WordPress · Paid Membership Plugin

Name of the Vulnerable Software and Affected Versions: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin versions prior to 4.15.15 Description: The issue concerns the Paid Membership Plugin, Ecommerce, User Registration Form,...

CVE-2024-56651 affecting package kernel for versions less than 5.15.173.1-1

CVE-2024-56651 affecting package kernel for versions less than 5.15.173.1-1. A patched version of the package is available...

About the security content of Safari18.2

About the security content of Safari18.2 This document describes the security content of Safari 18.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

PT-2024-36966

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description A vulnerability in the Linux kernel has been resolved, related to the ALSA control, where the use of WARN for showing symlink creation errors was downgraded to dev err to avoid confusing fuzzer...

CVE-2024-55601

Hugo, a static site generator, is affected in versions 0.123.0 through 0.139.3 (prior to 0.139.4). The issue: certain HTML attributes in Markdown in internal templates are not escaped in render hooks, specifically in templates _default/_markup/render-link.html (v0.123.0), _default/_markup/render-...

SUSE-SU-2024:4256-1 Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059153 fixes several issues. The following security issues were fixed: - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. - CVE-2021-47598: schcake: do not call...

CVE-2024-50403 QTS, QuTS hero

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

Oracle Linux 8 : perl-App-cpanminus:1.7044 (ELSA-2024-10219)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10219 advisory. - Patch the code to use https instead of http CVE-2024-45321 perl-CPAN-DistnameInfo perl-CPAN-Meta-Check perl-File-pushd perl-Module-CPANfile perl-Parse-PMFile...

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam has released security updates to address a critical flaw impacting Service Provider Console VSPC that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted...

PT-2024-35143 · Tenda · Tenda Ac6V2

Name of the Vulnerable Software and Affected Versions: Tenda AC6V2 versions through 15.03.06.50 Description: The issue is a stack-based buffer overflow vulnerability in the setDoublePppoeConfig-guest ip check modules of Tenda AC6V2, where the mask argument can cause buffer overflows...

Fedora 41 : mingw-python3 (2024-e6b1e638d1)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e6b1e638d1 advisory. Backport fix for CVE-2024-9287 ---- Update to python-3.11.0. Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVE-2024-53844

CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...

Oracle Linux 9 : python3.12-urllib3 (ELSA-2024-9457)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9457 advisory. 1.26.18-2.1 - Security fix for CVE-2024-37891 Resolves: RHEL-59997 Tenable has extracted the preceding description block directly from the Oracle Linux security...

PT-2024-36433 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The issue concerns a Remote Code Execution vulnerability in the /bin/boa via formWsc. This allows for unauthorized code execution. Recommendations: For TOTOLINK A3002R version...

RHSA-2024:1868

creationtimestamp| type| source ---|---|--- 2024-11-17 10:25:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113497810108556154 2025-03-06 15:10:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6677 2025-03-26 19:26:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8934...

Fedora 41 : aardvark-dns (2024-30ed35ba86)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-30ed35ba86 advisory. Security fix for CVE-2024-8418 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 37 : xorg-x11-server (2022-3d88188071)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3d88188071 advisory. Fix buggy patch to CVE-2022-46340 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

PT-2024-7874 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update or 2022 SU6 November Security Update Description: The issue is related to a SQL injection vulnerability in Ivanti Endpoint Manager. This vulnerability allows a remote...

CVE-2024-50220 fork: do not invoke uffd on fork if error occurs

In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete...