ESET, Spol. S R.o. Security Vulnerabilities

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....

Low: c-ares security update

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....

K12201527: Overview of Quarterly Security Notifications

Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published in advance so customers can schedule necessary updates in advance of the public disclosure date. When.....

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

tomcat security and bug fix update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer...

Security Bulletin: Multiple security vulnerabilities Affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...

s-capetravel.eu Cross Site Scripting vulnerability OBB-3846946

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....

CVE-2023-5551

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other...

CVE-2023-5548

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning...

CVE-2023-5541

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe...

CVE-2023-5547

The course upload preview contained an XSS risk for users uploading unsafe...

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For...

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code...

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...

s-kiilto.fi Cross Site Scripting vulnerability OBB-3846950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details...

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is...

CVE-2023-5549

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to...

CVE-2023-5540

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and...

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

Exploit for OS Command Injection in Zyxel Atp100 Firmware

CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's...

CVE-2023-5543

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...

CVE-2023-5546

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...

CVE-2023-5545

H5P metadata automatically populated the author with the user's username, which could be sensitive...

CVE-2023-5539

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...

CVE-2023-3487

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage...

Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).

Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...

Moderate: idm:DL1 and idm:client security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denail of service Via specifically crafted JWE...

Moderate: libXpm security update

X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...

CVE-2023-23922

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw.....

CVE-2023-23921

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable...

CVE-2023-23923

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted...

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...

Important: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

Failure to strip relative path components in net/url

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the...

(RHSA-2024:3553) Important: nodejs : security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs/16: CONTINUATION frames DoS (CVE-2024-27983) For more details about the security issue(s), including the impact, a CVSS score,...

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...