
6117 matches found

Tenable Nessus
added 2024/04/29 12:0 a.m., 20 views

Fedora 40 : dav1d (2024-12fcc689ac)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-12fcc689ac advisory. Update to version 1.4.0. This version addresses CVE-2024-1580; see RHBZ2264939. Tenable has extracted the preceding description block directly from the Fedora...

CVSS 8.8 | AI score 6.6 | EPSS 0.00584
Exploits 0 | References 2

Tenable Nessus
added 2024/04/27 12:0 a.m., 47 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.21 (RHSA-2018:2742)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2742 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVSS 7.5 | AI score 7.5 | EPSS 0.19427
Exploits 0 | References 24

Tenable Nessus
added 2024/04/25 12:0 a.m., 31 views

Fedora 39 : squid (2024-bd8c6c6926)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd8c6c6926 advisory. - New squid 6.9 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 8.6 | AI score 7.1 | EPSS 0.12145
Exploits 1 | References 3

Tenable Nessus
added 2024/04/25 12:0 a.m., 27 views

Fedora 38 : squid (2024-a414a81d47)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a414a81d47 advisory. - New squid 6.9 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 8.6 | AI score 7.1 | EPSS 0.12145
Exploits 1 | References 3

WPVulnDB
added 2024/04/24 12:0 a.m., 12 views

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description: The plugin does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. PoC: Make a logged-in admin open an HTML file containing the following:...

AI score 6.3 | EPSS 0.00151
Exploits 2

wpexploit
added 2024/04/24 12:0 a.m., 147 views

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description: The plugin does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make a logged-in admin open an HTML file containing the following: alert999'...

AI score 5.9 | EPSS 0.00085
Exploits 2

wpexploit
added 2024/04/24 12:0 a.m., 134 views

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description: The plugin does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. Make a logged-in admin open an HTML file containing the following:...

AI score 6.7 | EPSS 0.00151
Exploits 2

WPVulnDB
added 2024/04/24 12:0 a.m., 17 views

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description: The plugin does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. PoC: Make a logged-in admin open an HTML file containing the following:...

AI score 5.5 | EPSS 0.00085
Exploits 2

wpexploit
added 2024/04/24 12:0 a.m., 146 views

Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin. Make a logged-in admin open the URL below...

AI score 6 | EPSS 0.00508
Exploits 2

Ubuntu
added 2024/04/23 11:20 a.m., 70 views

USN-6728-3: Squid vulnerability

USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update. We apologize for the inconvenience...

CVSS 8.6 | AI score 6.5 | EPSS 0.02101
Exploits 0 | References 1

0day.today
added 2024/04/22 12:0 a.m., 207 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference Vulnerability

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected...

AI score 7.5
Exploits 0

BDU FSTEC
added 2024/04/22 12:0 a.m., 1 view

The vulnerability of the MessagePack NodeJS/JavaScript msgpackr implementation allows a hacker to cause a service failure.

The vulnerability of the MessagePack NodeJS/JavaScript msgpackr implementation lies in the ability for users to execute suspended threads, creating messages that lock the decoder. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 6.8 | AI score 6.7 | EPSS 0.00456
Exploits 0 | References 4 | Affected Software 2

Cvelist
added 2024/04/17 10:54 p.m., 14 views

CVE-2023-4235 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver_report() function

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

CVSS 8.1 | AI score 8.4 | EPSS 0.00138
Exploits 1 | References 1

Vulnrichment
added 2024/04/17 10:53 p.m., 10 views

CVE-2023-4234 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

CVSS 8.1 | AI score 7 | EPSS 0.00145
Exploits 1 | References 1

Cvelist
added 2024/04/17 10:50 p.m., 13 views

CVE-2023-4233 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS...

CVSS 8.1 | AI score 8.3 | EPSS 0.00169
Exploits 0 | References 1

Vulnrichment
added 2024/04/17 10:50 p.m., 15 views

CVE-2023-4233 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS...

CVSS 8.1 | AI score 7 | EPSS 0.00169
Exploits 0 | References 1

Zero Science Lab
added 2024/04/17 12:0 a.m., 389 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...

CVSS 8.7 | AI score 5.8 | EPSS 0.00098
Exploits 1

CNVD
added 2024/04/17 12:0 a.m., 18 views

ImageSharp Denial of Service Vulnerability

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API from ImageSharp. ImageSharp suffers from a denial of service vulnerability that stems from the fact that processing specially crafted files may cause the image decoder to use too much memory, which can be exploited ...

CVSS 6.5 | AI score 5.2 | EPSS 0.00202
Exploits 0 | References 1

Veracode
added 2024/04/16 11:4 a.m., 13 views

Out-of-bounds Read

asterix-decoder is vulnerable to Out-of-bounds Read. The vulnerability is due to a flaw in memory management, leading to unintended access to heap memory beyond its allocated boundaries...

CVSS 9.1 | AI score 6.6 | EPSS 0.00363
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2024/04/16 12:0 a.m., 1 view

The vulnerability of the jbig2_error function in the jbig2.c file of the JBIG2 image compression decompression decoder Jbig2dec, which allows an attacker to cause a service failure.

The vulnerability of the jbig2_error function in the jbig2.c file of the JBIG2 image compression decompression decoder allows for incorrect initialization of resources. Exploiting this vulnerability can enable a remote attacker to cause service interruptions...

CVSS 7.8 | AI score 6.6 | EPSS 0.00054
Exploits 1 | References 4 | Affected Software 2