Tussendoor Internet & Marketing Security Vulnerabilities

Cisco IOS XE Software Internet Key Exchange Memory Leak Vulnerability (cisco-sa-20130925-ike)

A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An...

iBill ibillpm.pl Password Generation Weakness

The remote host is running iBill, an internet billing application. Some versions of the 'ibillpm.pl' CGI use a weak password management system that can be brute-forced. ** No flaw was tested. Your script might be a safe...

Cisco IOS XE Software Internet Group Management Protocol Memory Leak (cisco-sa-20180328-igmp)

According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality. An unauthenticated, adjacent attacker can exploit this, by sending a large number of IGMP...

CVE-2024-20926

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition:...

CVE-2024-20932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4....

CVE-2023-22036

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...

KB4483235: Windows 10 Version 1809 and Windows Server 2019 December 2018 OOB Security Update

The remote Windows host is missing security update 4483235. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update

The remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

KB4088879: Windows 8.1 and Windows Server 2012 R2 March 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4088879 or cumulative update 4088876. It is, therefore, affected by multiple vulnerabilities : An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker...

KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update

The remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...

KB4471322: Windows 8.1 and Windows Server 2012 R2 December 2018 Security Update

The remote Windows host is missing security update 4471322 or cumulative update 4471320. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under...

KB4471328: Windows 7 and Windows Server 2008 R2 December 2018 Security Update

The remote Windows host is missing security update 4471328 or cumulative update 4471318. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully...

KB4471326: Windows Server 2012 December 2018 Security Update

The remote Windows host is missing security update 4471326 or cumulative update 4471330. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully...

Microsoft Warns of Serious Flaw in Internet Explorer

Microsoft has issued a warning about a significant flaw in the Internet Explorer browser that could allow hackers to control unprotected computers. The vulnerability permits hackers to inject malware into any system by tricking users into visiting malicious websites. This affects anyone using...

Researchers Expose Security Flaw in Internet-Ready HDTVs

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to.....

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

RHEL 9 : samba (RHSA-2024:4101)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4101 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...

[SECURITY] Fedora 40 Update: clamav-1.0.6-1.fc40

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...

Windows 7 and Windows Server 2008 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...

Microsoft SQL Server Resolution Service Amplification Reflected DRDoS

The remote MS SQL Server allows distributed reflection and amplification (DRDoS)...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)

The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...

[SECURITY] Fedora 38 Update: clamav-1.0.6-1.fc38

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

[SECURITY] Fedora 39 Update: clamav-1.0.6-1.fc39

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...

CVE-2023-22041

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...

Security Updates for Exchange (September 2017)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An...

Trac Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2021-35559

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

Oracle Linux 7 : bind (ELSA-2019-0194)

From Red Hat Security Advisory 2019:0194 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is....

tigervnc security update

An update is available for tigervnc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...

CVE-2021-35560

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require.....

CVE-2021-35550

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

CVE-2021-35559

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVE-2021-35560

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require.....

CVE-2021-35560

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require.....

RHEL 7 : spice (RHSA-2019:0231)

An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

Directus Lacks Session Tokens Invalidation

Summary Currently session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if you captured the cookie value it will still work for the entire expiry time which is set to 1 day by.....

Synchrologic Email Accelerator User Account Information Disclosure

Synchrologic Email Accelerator is prone to an information disclosure...

Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)

The remote Windows host is missing security update 4041678 or cumulative update 4041681. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt...

KB4471319: Windows Server 2008 December 2018 Security Update

The remote Windows host is missing security update 4471319 or cumulative update 4471325. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under...

CVE-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated....

CVE-2021-35559

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVE-2021-35556

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

internet-boekwinkel.nl Cross Site Scripting vulnerability OBB-3841528

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2021-35550

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

SUSE SLES11 Security Update : libxml2 (SUSE-SU-2019:13985-1)

This update for libxml2 fixes the following issues : Security issue fixed : CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)...