151 matches found
Google Chrome < 96.0.4664.93 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 96.0.4664.93. It is, therefore, affected by multiple vulnerabilities as referenced in the 202112stable-channel-update-for-desktop advisory. - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to a denial of service vulnerability in Angular.js
Summary A denial of service vulnerability in Angular.js used by IBM InfoSphere Information Analyzer was addressed. Vulnerability Details CVEID: CVE-2016-4055 DESCRIPTION: The Node.js moment module is vulnerable to a denial of service, caused by an error in the regular expression implementation. A...
RHEL 6 : qemu-kvm (RHSA-2020:4055)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4055 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...
RHEL 7 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
CVE-2019-4055
Summary: CVE-2019-4055 affects IBM MQ versions 8.0.0.0–8.0.0.10, 9.0.0.0–9.0.0.5, and 9.1.0.0–9.1.1, enabling a denial-of-service through the TLS key renegotiation function. The root cause is a weakness in TLS renegotiation handling. Impact (as described): DoS affecting MQ services. Remediation/F...
Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack within the TLS key renegotiation functions (CVE-2019-4055)
Summary A vulnerability was discovered within the TLS key renegotiation functions which could be exploited to execute a denial of service attack against an IBM MQ queue manager. Vulnerability Details CVEID: CVE-2019-4055 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack within the T...
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.3.0. It is, therefore, affected by: - An information disclosure vulnerability exists in OpenSSL. A remote attacker may be able to obtain sensitive information, caused by the failure to...
CVE-2018-4055
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successful...
CVE-2018-4055
Pixar Renderman for macOS contains a local privilege escalation in the install helper. The Mac version 22.2.0’s install helper Dispatch function does not verify the caller, allowing a local attacker to read any root file from the filesystem. Exploitation requires local access; impact is root-leve...
Oracle Primavera Unifier Multiple Vulnerabilities (July 2018 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.0, 17.x prior to 17.12.7.0, or 18.x prior to 18.7.0.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for the...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
2ch (>=0.1.0 <=0.1.3), 3loc (>=0.2.0 <=0.4.0) +1296 more potentially affected by CVE-2016-4055 via moment (>=1.0.0 <=2.11.1)
moment NPM version =1.0.0, =0.1.0, =0.2.0, =0.0.13, =1.0.0, =0.2.11, =1.0.1, =1.0.33, =0.0.15, =1.2.6, =2.1.7 and more Source cves: CVE-2016-4055 Source advisory: OSV:GHSA-87VV-R9J6-G5QV...
CVE-2017-4055
CVE-2017-4055 affects McAfee Advanced Threat Defense (ATD) Web Interface, with versions 3.10, 3.8, 3.6, and 3.4. The issue is a vulnerability in authentication/authorization enforcement that lets remote unauthenticated users bypass ATD detection via loose authentication checks, enabling bypass of...
CVE-2016-4055
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service CPU consumption via a long string, aka a "regular expression Denial of Service ReDoS."...
CVE-2016-4055
Moment.js (Node.js) is affected by CVE-2016-4055 due to a vulnerability in its regular expression handling that can enable a DoS (high CPU usage) via crafted input. Public details show the issue as a ReDoS against the moment package prior to 2.11.2, with remediation requiring upgrading to a patch...
Microsoft Internet Explorer Multiple Vulnerabilities (2976627)
This host is missing a critical security update according to Microsoft Bulletin MS14-051. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2014-4055
Microsoft Internet Explorer 10/11 memory corruption vulnerability (CVE-2014-4055) can enable remote code execution or DoS when visiting a crafted site. Affected: IE 10–11. Root cause: memory corruption in IE’s handling of web content. Public exploits exist (SecurityVulns doc), and related advisor...
IBM Domino Web Administrator Multiple Vulnerabilities
The remote IBM Domino web server includes IBM Domino Web Administrator webadmin.nsf and is affected by multiple vulnerabilities : - An authenticated user can exploit an unspecified cross- site request forgery CSRF vulnerability by enticing a user to follow a specially crafted URL. CVE-2013-4050 -...
CVE-2013-4055
CVE-2013-4055 is an XSS vulnerability in IBM Domino Domino Web Administrator (webadmin.nsf) affecting Domino 8.5 and 9.0. The issue permits remote authenticated users to inject arbitrary scripts/HTML via unspecified vectors; the exact exploitation path is not detailed in the provided documents. T...