ESET, Spol. S R.o. Security Vulnerabilities

(RHSA-2024:3269) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

CVE-2021-47221

In the Linux kernel, the following vulnerability has been resolved: mm/slub: actually fix freelist pointer vs redzoning It turns out that SLUB redzoning ("slub_debug=Z") checks from s->object_size rather than from s->inuse (which is normally bumped to make room for the freelist pointer), so a...

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. Notes Author| Note ---|--- sbeattie | QUIC support was added in nginx...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. Vulnerability Details ** CVEID: CVE-2023-45178 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) CLI is vulnerable to a denial of service when a specially...

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

CVE-2024-34953

An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm...

(RHSA-2024:3323) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML External Entity Injection (XEE) (CVE-2023-45192)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2023-45192 (potential XML External Entity Injection (XEE) attacks). Vulnerability Details ** CVEID: CVE-2023-45192 DESCRIPTION: **IBM Engineering Requirements Management DOORS Next is vulnerable to an XML External...

BIT-moodle-2024-25978

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip...

BIT-moodle-2024-25982

The link to update all installed language packs did not include the necessary token to prevent a CSRF...

Exploit for PHP External Variable Modification in Juniper Junos

Automation for Juniper CVE:2023-36845 by Asbawy -> Modified...

Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool.

Summary IBM License Metric Tool is affected by Bouncy Castle Cryptography vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30172 DESCRIPTION: **The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By...

(RHSA-2024:3351) Moderate: OpenShift Container Platform 4.12.58 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.58. See the following advisory for the container...

Exploit for CVE-2024-29059

Leaking and Exploiting ObjRefs via HTTP .NET Remoting...

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 Microsoft Outlook Remote Code Execution...

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary...

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary...

Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities

Nginx is prone to multiple HTTP/3...

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

CVE-2024-27447

pretix before 2024.1.1 mishandles file...

(RHSA-2024:2937) Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: CONTINUATION frames DoS (CVE-2024-27983) For more details about the...

(RHSA-2024:2935) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...

(RHSA-2024:3267) Moderate: idm:DL1 and idm:client security update

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) python-jwcrypto:...

[SECURITY] Fedora 40 Update: rust-uu_csplit-0.0.23-3.fc40

Csplit ~ (uutils) Output pieces of FILE separated by PATTERN(s) to files 'xx00', 'xx01', ..., and output byte counts of each piece to standard...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar (CVE-2024-28863)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-28863 DESCRIPTION: **isaacs node-tar is vulnerable to a denial of service, caused by the lack...

Security Bulletin: WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to...

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

Citrix Bleed - Leaking Session Tokens

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA...

MobileIron Core - Remote Unauthenticated API Access

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation...

(RHSA-2024:2936) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in net-ssh-4.2.0.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of net-ssh-4.2.0.gem Vulnerability Details ** CVEID: CVE-2023-48795 DESCRIPTION: **OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH...

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish...

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29203)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-29203 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the iframe elements. A...

CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all...

CVE-2024-34952

taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm...

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

(RHSA-2024:3127) Moderate: zziplib security update

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

(RHSA-2024:3265) Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For...

s-fld.jp Improper Access Control vulnerability OBB-3845529

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-30943

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the...

CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable...

CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in...

F5 BIG-IP - Unauthenticated RCE via AJP Smuggling

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass...

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS attacks due to [CVE-2024-1135]

Summary Gunicorn is used by IBM App Connect Enterprise Certified Container by the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS attacks. This bulletin provides patch information to address...

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

Spring Cloud Gateway Actuator API...

(RHSA-2024:2907) Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...