CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...

F5 BIG-IP Next Central Manager 20.0.1 < 20.2.0 OData Injection (K000138732)

The version of the Big-IP Next Central Manager installed on the remote Windows host is between 20.0.1 and 20.1.0. It is, therefore, affected by an OData Injection vulnerability as referenced in the K000138732 advisory. An unauthenticated attacker can exploit this vulnerability to execute maliciou...

RHEL 8 : thunderbird (RHSA-2024:0565)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0565 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fixes: Mozilla:...

CVE-2023-36650

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

Rocky Linux 8 : qt5 (RLSA-2022:7482)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7482 advisory. - In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not...

Internet Bug Bounty: Privilege Esacalation at Apache Airflow 2.5.1

A vulnerability was found in Apache Airflow before version 2.6.0 that allowed local Linux users to access sensitive files, such as SSH private keys, owned by the account that operates Airflow. The issue was caused by Airflow setting log files to vulnerable privileges, allowing any Linux user on t...

SUSE CVE-2009-2715

Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service Linux host OS reboot via a sysenter instruction...

SUSE CVE-2019-3016

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2022:10152-1 Rating: important References: 1201720 1203086 1203306 1203370 1203735 1204019 Cross-References: CVE-2022-21554 CVE-2022-21571 CVSS scores: CVE-2022-21554 NVD : 4.4...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2022:10129-1 Rating: important References: 1201720 1203086 1203306 1203370 Cross-References: CVE-2022-21554 CVE-2022-21571 CVSS scores: CVE-2022-21554 NVD : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2022:10067-1 Rating: important References: 1198676 1198677 1198678 1198679 1198680 1198703 1199803 1201720 Cross-References: CVE-2022-21465 CVE-2022-21471 CVE-2022-21487 CVE-2022-21488 CVE-2022-21491...

Node.js: Node 18 reads openssl.cnf from /home/iojs/build/... upon startup.

A vulnerability was discovered in Node.js 18.4.0 where it attempted to read an openssl.cnf file from a specific location upon startup. This could potentially allow an attacker with a self-chosen username to affect the OpenSSF configuration of other users on a shared Linux host...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:1403-1 Rating: important References: 1191104 1191526 1191869 Cross-References: CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 CVSS scores: CVE-2021-2475 NVD : 4.4...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2021:1092-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2021:0165-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS 8 : container-tools:2.0 (CESA-2021:0706)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:0706 advisory. - podman: container users permissions are not respected in privileged containers CVE-2021-20188 Note that Nessus has not tested for this issue but has instead...

openSUSE Security Update : virtualbox (openSUSE-2021-165)

This update for virtualbox fixes the following issues : Version update to 6.1.18 released January 19 2021 This is a maintenance release. The following items were fixed and/or added : - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts bug 19315, 19561...

RHEL 8 : freerdp (RHSA-2020:2335)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2335 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVE-2019-0069

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device...

Design/Logic Flaw

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device...