Microsoft Windows Server 2003 SP1, SP2 Windows XP - SP3 Security Vulnerabilities

SUSE: Security Advisory (SUSE-SU-2024:1832-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)

The remote host is missing an update for the Huawei...

Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1758)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1776)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

Qlik Sense Enterprise Privilage Escalation (CVE-2024-36077)

The version of Qlik Sense Enterprise installed on the remote Windows host is prior to May 2022 prior to Patch 18, August 2022 prior to Patch 17, November 2022 prior to Patch 14, February 2023 prior to Patch 14, May 2023 prior to Patch 16, August 2023 prior to Patch 14, November 2023 prior to patch....

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

Veritas System Recovery Installed (Windows)

Veritas System Recovery, a backup and disaster recovery application is installed on the remote Windows...

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1738)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

SUSE: Security Advisory (SUSE-SU-2024:1806-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1831-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1728)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1761)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1776)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:1843-1)

The remote host is missing an update for...

Oracle Linux 8 : gdk-pixbuf2 (ELSA-2024-3341)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3341 advisory. [2.36.12-6] - Backport fixes for CVE-2022-48622 - Apply patches with git to enable binary patching - Resolves: RHEL-30478 Tenable has extracted the preceding...

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1773)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

Oracle Linux 8 : python3 (ELSA-2024-3347)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3347 advisory. [3.6.8-62.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-62] - Security fix for CVE-2024-0450 Resolves: RHEL-33683 ...

RHEL 8 : edk2 (RHSA-2024:3497)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3497 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI...

Veritas System Recovery Arbitrary File Creation (VTS24-005)

The version of Veritas System Recovery installed on the remote Windows host is 23.2 or prior. It is, therefore, affected by an arbitrary file creation vulnerability. A local attacker could create a file in any arbitrary location within the filesystem. This includes protected directories, such as...

Oracle Linux 9 : glibc (ELSA-2024-3339)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3339 advisory. [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi Tenable has extracted the preceding description block...

SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2024:1835-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1835-1 advisory. - CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec (bsc#1223353). - CVE-2024-32659:...

SUSE: Security Advisory (SUSE-SU-2024:1842-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1764)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1738)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1771)

The remote host is missing an update for the Huawei...

CVE-2024-36923

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to...

SUSE: Security Advisory (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

PostgreSQL vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages postgresql-14 - Object-relational SQL database postgresql-15 - Object-relational SQL database postgresql-16 - Object-relational SQL database Details Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in...

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2024-1781)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash...

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1761)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1766)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1771)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

SUSE: Security Advisory (SUSE-SU-2024:1847-1)

The remote host is missing an update for...

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-3343)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3343 advisory. [21.1.3-16] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Tenable has extracted the preceding description block directly from the...

virt:ol and virt-devel:rhel security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...

SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1831-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1831-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2024:1807-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1807-1 advisory. - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic.....

SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1806-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1806-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

SUSE: Security Advisory (SUSE-SU-2024:1844-1)

The remote host is missing an update for...

Justice AV Solutions JVS Viewer Installed (Windows)

Justice AV Solutions JVS Viewer is installed on the remote Windows...

FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable...

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

Security Bulletin: IBM Aspera Console has addressed multiple cross-site scripting vulnerabilities (CVE-2022-43384, CVE-2022-43575)

Summary This Security Bulletin addresses security vulnerabilities related to cross-site scripting that have been remediated (CVE-2022-43384, CVE-2022-43575) in IBM Aspera Console 3.4.2 PL6. Vulnerability Details ** CVEID: CVE-2022-43384 DESCRIPTION: **IBM Aspera Console is vulnerable to...

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory (OOM)...