F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe Security Vulnerabilities

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....

BIT-git-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......

BIT-git-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target...

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP) In the supporting materials for the Act,....

CVE-2024-4409

The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a.....

CVE-2024-4409 WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery

The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a.....

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000139764)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139764 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split...

Jcow Social Network Cross Site Scripting

...

virt:ol and virt-devel:rhel security and enhancement update

hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] -...

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...

Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email could allow an authenticated, remote attacker to conduct an XSS attack...

container-tools:ol8 security update

...

Ubuntu: Security Advisory (USN-6777-4)

The remote host is missing an update for...

python39:3.9 and python39-devel:3.9 security update

mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload &gt;= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...

Debezium UI 2.5 Credential Disclosure

...

Jenkins plugins Multiple Vulnerabilities (2024-05-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files,...

K000139764: Apache HTTPD vulnerability CVE-2023-38709

Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) Impact This vulnerability allows malicious or exploitable...

F5 Networks BIG-IP : Libexpat vulnerability (K000139525)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in ...

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

SBOM support in Spring Boot 3.3

Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

CVE-2024-5298

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the...

CVE-2024-5299

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5293

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The...

CVE-2024-5295

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2024-5297

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication...

CVE-2024-5294

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.....

CVE-2024-5296

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-5292

D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on...

CVE-2024-5291

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2024-5242

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However,...

CVE-2024-5228

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....

CVE-2024-5243

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are...

CVE-2024-5244

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices...

CVE-2024-5227

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability....

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

CVE-2024-5244 TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices...

CVE-2024-5243 TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are...

CVE-2024-5242 TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However,...

CVE-2024-5228 TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....

CVE-2024-5227 TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability....

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

CVE-2024-5299 D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5298 D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the...

CVE-2024-5297 D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication...

CVE-2024-5296 D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...