
7648 matches found

Cvelist
Added 2023/05/31 5:18 p.m. | 13 views

CVE-2023-33967 EaseProbe vulnerable to SQL injection when using MySQL/PostgreSQL data checking

EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0...

CVSS 8.2 | AI score 10 | EPSS 0.00652
Exploits: 0 | References: 4
OSV
Added 2023/05/31 5:18 p.m. | 18 views

CVE-2023-33967 EaseProbe vulnerable to SQL injection when using MySQL/PostgreSQL data checking

EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0...

CVSS 8.2 | AI score 9.4 | EPSS 0.00652
Exploits: 0 | References: 6
Tenable Nessus
Added 2023/05/31 12:0 a.m. | 41 views

Debian DSA-5417-1 : openssl - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5417 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy...

CVSS 7.5 | AI score 6.5 | EPSS 0.76451
Exploits: 0 | References: 12
CNNVD
Added 2023/05/31 12:0 a.m. | 4 views

H3C Magic R300 Buffer Error Vulnerability

The H3C Magic R300 is a wireless router from China's Xinhua San H3C. The H3C Magic R300 suffers from a stack overflow vulnerability that is caused by incorrect boundary checking of the DelSTList interface on /goform/aspForm. An attacker can exploit this vulnerability to cause a buffer overflow an...

CVSS 7.2 | AI score 8.1 | EPSS 0.00933
Exploits: 0 | References: 2
BDU FSTEC
Added 2023/05/31 12:0 a.m. | 3 views

The vulnerability of the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers allows an intruder to trigger a service failure.

The vulnerability of the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause malfunctions in the service operation...

CVSS 7.8 | AI score 7.2 | EPSS 0.00616
Exploits: 0 | References: 3 | Affected Software: 2
CNNVD
Added 2023/05/25 12:0 a.m. | 5 views

M-Files Security Vulnerability

M-Files is an innovative metadata-driven document management platform from M-Files, Inc. A security vulnerability exists in M-Files Client prior to version 23.5.12598.0, which stems from a lack of access rights checking that allows elevation of privileges via UI application extensions...

CVSS 7.8 | AI score 7.4 | EPSS 0.00182
Exploits: 0 | References: 3
Tenable Nessus
Added 2023/05/24 12:0 a.m. | 45 views

Oracle Linux 8 : libarchive (ELSA-2023-3018)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3018 advisory. 3.3.3-5 - Fix for CVE-2022-36227 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

CVSS 9.8 | AI score 7.2 | EPSS 0.01936
Exploits: 0 | References: 2
Tenable Nessus
Added 2023/05/24 12:0 a.m. | 30 views

Oracle Linux 8 : thunderbird (ELSA-2023-3221)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3221 advisory. 102.11.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.11.0-1 - Update to 102.11.0 build1 Tenable h...

CVSS 8.8 | AI score 7.4 | EPSS 0.00753
Exploits: 0 | References: 8
Cvelist
Added 2023/05/23 12:0 a.m. | 18 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

AI score 9.5 | EPSS 0.01057
Exploits: 1 | References: 1
BDU FSTEC
Added 2023/05/22 12:0 a.m. | 4 views

The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform allows a hacker to escape from the isolated software environment and elevate their privileges to the root level.

The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform relates to deficiencies in the name checking of paths to restricted directories. Exploiting this vulnerability could allow an attacker to exit from an isolated software environment and...

CVSS 6.2 | AI score 6.6 | EPSS 0.00221
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
Added 2023/05/20 12:0 a.m. | 42 views

AlmaLinux 8 : libarchive (ALSA-2023:3018)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3018 advisory. - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, whi...

CVSS 9.8 | AI score 7.3 | EPSS 0.01936
Exploits: 0 | References: 2
Tenable Nessus
Added 2023/05/19 12:0 a.m. | 25 views

Oracle Linux 9 : firefox (ELSA-2023-3143)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3143 advisory. 102.11.0-2.0.1 - Updated homepages to use https Orabug: 34648274 102.11.0-2 - Update to 102.11.0 build2 102.11.0-1 - Update to 102.11.0 build1 Tenable...

CVSS 8.8 | AI score 7.4 | EPSS 0.00753
Exploits: 0 | References: 8
Tenable Nessus
Added 2023/05/19 12:0 a.m. | 37 views

AlmaLinux 8 : thunderbird (ALSA-2023:3221)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3221 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofin...

CVSS 8.8 | AI score 7.9 | EPSS 0.00753
Exploits: 0 | References: 8
RedHat Linux
Added 2023/05/18 6:42 a.m. | 5 views

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

CVSS 6.5 | AI score 7.4 | EPSS 0.00738
Exploits: 0 | References: 6
RedHat Linux
Added 2023/05/18 6:42 a.m. | 7 views

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

CVSS 6.5 | AI score 7.4 | EPSS 0.00738
Exploits: 0 | References: 6
CNVD
Added 2023/05/18 12:0 a.m. | 7 views

D-Link DIR-605L Stack Buffer Overflow Vulnerability

The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L version 1.17B01 BETA suffers from a stack buffer overflow vulnerability due to incorrect boundary checking in /goform/formTcpipSetup. An attacker could exploit this vulnerability to cause a buffer overflow and...

CVSS 9.8 | AI score 8.2 | EPSS 0.01197
Exploits: 1 | References: 1
CNVD
Added 2023/05/18 12:0 a.m. | 16 views

Google Android Sensor.cpp file buffer overflow vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a buffer overflow vulnerability that stems from a lack of bounds checking in the unflattenString8 of the Sensor.cpp file, which can be exploited by an attacker to cause the disclosure of local...

CVSS 6.2 | AI score 6.9 | EPSS 0.00201
Exploits: 0 | References: 1
OpenVAS
Added 2023/05/18 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-1982)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.59501
Exploits: 0 | References: 2
CNVD
Added 2023/05/18 12:0 a.m. | 14 views

Google Android Information Disclosure Vulnerability (CNVD-2023-46126)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a lack of permission checking in the applySyncTransaction of WindowOrganizer.java. An attacker can exploit this vulnerability to obtain sensitive...

CVSS 5.5 | AI score 5.9 | EPSS 0.00082
Exploits: 0 | References: 1
CNVD
Added 2023/05/18 12:0 a.m. | 18 views

Google Android Information Disclosure Vulnerability (CNVD-2023-41883)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in AnalyzeMfcResp of NxpMfcReader.cc. An attacker can exploit the vulnerability to obtain sensitive information...

CVSS 5.5 | AI score 5 | EPSS 0.00087
Exploits: 0 | References: 1