Universitat Politècnica De València (UPV) Security Vulnerabilities

Rocky Linux 9 : glibc (RLSA-2024:3339)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

CVE-2024-27012

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set...

libreoffice security fix update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0469-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0469-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...

test-de-ovulacion.es Improper Access Control vulnerability OBB-3826043

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-31372

Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...

openSUSE: Security Advisory for libreoffice (SUSE-SU-2023:4496-1)

The remote host is missing an update for...

gestion-de-camping.fr Improper Access Control vulnerability OBB-3824559

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Apache 2.4.x < 2.4.58 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. Apache HTTP Server: DoS in HTTP/2 with initial windows size 0: An attacker, opening a HTTP/2 connection with an initial...

CVE-2024-31372 WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...

(RHSA-2024:1512) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

openSUSE Security Update : texlive (openSUSE-2019-800)

This update for texlive fixes the following issue : CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673). This update...

CVE-2023-45802

A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0516-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0516-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0514-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0514-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced...

(RHSA-2024:1480) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

AlmaLinux 9 : glibc (ALSA-2024:3339)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2024:0515-1)

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0515-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...

Denial Of Service (DoS)

katex is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to the inadequate handling of untrusted mathematical expressions containing \def or \newcommand, which leads to a near-infinite loop despite efforts to mitigate it with mechanisms like...

Debian: Security Advisory (DSA-5690-1)

The remote host is missing an update for the...

CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

Debian DSA-4483-1 : libreoffice - security update

Two security issues have been discovered in LibreOffice : CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet...

pizza-taxi-24.de Cross Site Scripting vulnerability OBB-3825598

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Debian DLA-1869-1 : firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. For Debian 8 'Jessie', these problems have been...

Oracle Linux 8 : glibc (ELSA-2024-3344)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3344 advisory. [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Oracle history: ...

Oracle Linux 8 : glibc (ELSA-2024-3269)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3269 advisory. [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Tenable has extracted the...

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

Oracle Linux 8 : glibc (ELSA-2024-12440)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12440 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)....

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-003)

The version of kernel installed on the remote host is prior to 5.4.117-58.216. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-003 advisory. 2024-05-23: CVE-2021-46974 was added to this advisory. 2024-05-23: CVE-2021-46909 was added to this...

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

Debian DSA-4479-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request...

institut-jeanne-de-france.fr Improper Access Control vulnerability OBB-3824694

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

la-grange-de-pyraine.fr Improper Access Control vulnerability OBB-3824775

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Debian DLA-1905-1 : gosa security update

GOsa² used unserialize to restore filter settings from a cookie. Since this cookie was supplied by the client, authenticated users could have passed arbitrary content to unserialized, which opened GOsa² up to a potential PHP object injection. For Debian 8 'Jessie', this problem has been fixed in...

Oracle Linux 9 : glibc (ELSA-2024-3339)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3339 advisory. [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi Tenable has extracted the preceding description block...

chatterie-sacre-de-birmanie.fr Improper Access Control vulnerability OBB-3824366

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...

Debian: Security Advisory (DSA-5691-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3815-1)

The remote host is missing an update for the...

Fedora 39 : kernel (2024-bc0db39a14)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

CentOS 8 : glibc (CESA-2024:3344)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3344 advisory. nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests...

Mageia: Security Advisory (MGASA-2024-0151)

The remote host is missing an update for...

koka36.de Cross Site Scripting vulnerability OBB-3823150

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2023:4932-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4932-1 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation...

Ubuntu: Security Advisory (USN-6774-1)

The remote host is missing an update for...

RHEL 8 : glibc (RHSA-2020:1828)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1828 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...