MiracleLinux 3 : kernel-2.6.18-53.22AXS3 (AXSA:2009-42:04)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-42:04 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Fixed bugs: CVE-2008-3528 The error-reporting functionality in 1...

EUVD-2005-0181

Malware in sbrugna...

EUVD-2005-0208

Malware in sbrugna...

Wireshark SEoL (2.6.x)

According to its version, Wireshark is 2.6.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable,...

BIT-RUBY-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

CVE-2023-20902

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...

PT-2023-17692 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.6.x and earlier Harbor versions 2.7.2 and earlier Harbor versions 2.8.2 and earlier Harbor versions 1.10.17 and earlier Description: A timing condition in Harbor allows an attacker with network access to create jobs, stop jo...

Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...

Rancher Webhook is misconfigured during upgrade process

Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...

SUSE CVE-2006-6053

The ext3fsdirhash function in Linux kernel 2.6.x allows local users to cause a denial of service crash via an ext3 stream with malformed data structures...

SUSE CVE-2010-5321

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service memory consumption by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability...

SUSE CVE-2018-14367

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition...

Cobbler Path Traversal vulnerability

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

GHSA-8C56-V25W-F89C Puppet arbitrary file overwrite

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file...

Puppet Arbitrary Command Execution

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...

GHSA-77HG-G8CC-5R37 Puppet Privilege Escallation

The changeuser method in the SUIDManager lib/puppet/util/suidmanager.rb in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors...

Moodle does not check for the moodle/course:viewhiddencourses capability

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

Moodle allows attackers to modify the visibility of a badge

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors...

GHSA-9FMW-M4QX-6CQ8 Moodle cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the externalformattext function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a...

GHSA-6R7X-6Q98-QCQP Moodle does not set the RISK_XSS bit for graders

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted gradebook feedback during manual quiz grading...