Photo Gallery By 10Web – Mobile-Friendly Image Gallery Security Vulnerabilities

Amazon Linux 2 : golang (ALAS-2024-2554)

The version of golang installed on the remote host is prior to 1.22.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2554 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

Atlassian Confluence 8.6.x < 8.9.1 Remote Code Execution

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1 It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for these...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-069)

The version of kernel installed on the remote host is prior to 5.4.276-189.376. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-069 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASDOCKER-2024-039)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-039 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-067)

The version of kernel installed on the remote host is prior to 5.4.273-186.370. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-067 advisory. In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem...

TeamCity Server < 2024.3.2 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.2 It is, therefore, affected by multiple vulnerabilities: Users can perform actions that should not be available to them based on their permissions...

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2550)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300039.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2550 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

Online Payment Hub System 1.0 SQL Injection

...

CVE-2024-36019

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code...

Amazon Linux 2 : kernel (ALAS-2024-2549)

The version of kernel installed on the remote host is prior to 4.14.343-259.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2549 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time...

Fedora 39 : wireshark (2024-ed93e6d44f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ed93e6d44f advisory. New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855. Tenable has extracted the preceding description block directly...

Amazon Linux 2 : bcc (ALAS-2024-2551)

The version of bcc installed on the remote host is prior to 0.24.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2551 advisory. If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could...

Apple TV < 17.5 Multiple Vulnerabilities (HT214102)

According to its banner, the version of Apple TV on the remote device is prior to 17.5. It is therefore affected by multiple vulnerabilities as described in the...

K000139859: Envoy vulnerability CVE-2024-30255

Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....

Pivotal RabbitMQ 3.8.x < 3.8.16 Code Execution

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. A malicious actor can execute arbitrary code on the running RabbitMQ server by adding arbitrary...

CVE-2024-36025

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply-&gt;elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this &gt; comparison needs to be &gt;= to prevent memory...

CVE-2024-36029

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host-&gt;runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when....

CVE-2024-36027

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an.....

CVE-2024-36021

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-058)

The version of kernel installed on the remote host is prior to 5.10.29-27.126. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-058 advisory. A remote denial of service vulnerability was found in the Linux kernel's TIPC kernel module. The while loop in...

Amazon Linux 2 : uriparser (ALAS-2024-2546)

The version of uriparser installed on the remote host is prior to 0.7.5-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2546 advisory. An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via...

Fedora 40 : wireshark (2024-cd1f01e5d9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cd1f01e5d9 advisory. New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855. Tenable has extracted the preceding description block directly...

Atlassian Confluence < 7.19.22 Remote Code Execution

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1 It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for these...

JetBrains TeamCity Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2022.04.7, 2022.10.6, 2023.05.6, or 2023.11.5. It is, therefore, affected by multiple vulnerabilities as referenced in the CVE-2024-36363 advisory. In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5...

Oracle Linux 8 : glibc (ELSA-2024-3344)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3344 advisory. [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Oracle history: ...

Ubuntu Pro Subscription Detection

The remote Ubuntu host has an active Ubuntu Pro...

Amazon Linux 2 : php (ALASPHP8.2-2024-004)

The version of php installed on the remote host is prior to 8.2.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2024-004 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to...

goehring-online.de Cross Site Scripting vulnerability OBB-3931812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

In the jungle of AWS S3 Enumeration

By Daily Contributors Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable object… This is a post from HackRead.com Read the original post: In the jungle of AWS S3...

experten-branchenbuch.de Cross Site Scripting vulnerability OBB-3931811

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fo-leipzig.schul-webportal.de Cross Site Scripting vulnerability OBB-3931810

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-35434

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

firephoenix.de Cross Site Scripting vulnerability OBB-3931809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

One Phish, Two Phish, Red Phish, Blue Phish

By Daily Contributors One of the interesting things about working for a cybersecurity company is that you get to talk to… This is a post from HackRead.com Read the original post: One Phish, Two Phish, Red Phish, Blue...

TYPO3 Cross-Site Scripting vulnerability in typolinks

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme...

TYPO3 Cross-Site Scripting vulnerability in typolinks

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme...

CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...

CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

TYPO3 Information Disclosure Vulnerability Exploitable by Editors

It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account...

TYPO3 Information Disclosure Vulnerability Exploitable by Editors

It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account...

TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors

It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and.....

TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors

It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and.....

TYPO3 frontend login vulnerable to Session Fixation

It has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a...

TYPO3 frontend login vulnerable to Session Fixation

It has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a...

CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...

TYPO3 possible cache poisoning on the homepage when anchors are used

A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can.....