
1024 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m., 20 views

Oracle Linux 6 : libcap (ELSA-2011-1694)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1694 advisory. 2.16-5.5 - remove some obsolete parameters from capsh manpage; 2.16-5.4 - add capsh manpage 730957; 2.16-5.3 - make sure to chdir '/' after calling chroot...

CVSS 4.6, AI score 5.5, EPSS 0.00379
Exploits 0, References 2
Tenable Nessus
added 2023/09/07 12:0 a.m., 20 views

Oracle Linux 7 : sssd (ELSA-2019-2177)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2177 advisory. - Resolves: rhbz1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions rhel-7 Tenable has extracted the...

CVSS 5.5, AI score 6.2, EPSS 0.01122
Exploits 0, References 3
Ubuntu
added 2023/08/10 6:31 p.m., 54 views

USN-6277-2: Dompdf vulnerabilities

USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...

CVSS 9.8, AI score 7.6, EPSS 0.0143
Exploits 2
OSV
added 2023/08/10 6:31 p.m., 5 views

USN-6277-2 php-dompdf vulnerabilities

USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...

CVSS 9.8, AI score 7.5, EPSS 0.0143
Exploits 2, References 3
OSV
added 2023/08/08 2:10 p.m., 4 views

USN-6277-1 php-dompdf vulnerabilities

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...

CVSS 9.8, AI score 7.4, EPSS 0.04556
Exploits 2, References 6
Ubuntu
added 2023/08/08 2:10 p.m., 42 views

USN-6277-1: Dompdf vulnerabilities

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...

CVSS 9.8, AI score 7.4, EPSS 0.04556
Exploits 2
IBM Security Bulletins
added 2023/07/11 5:30 p.m., 41 views

Security Bulletin: Multiple operator framework security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary: symlink is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework (CVE-2015-3627). Distribution is used by IBM Robotic Process Automation as part of the operator framework (CVE-2023-2253). Vulnerability Details: CVEID: CVE-2015-3627. DESCRIPTION: A symlink...

CVSS 7.2, AI score 7, EPSS 0.00938
Exploits 0, Affected Software 1
OpenVAS
added 2023/07/04 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2302)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.2, AI score 7, EPSS 0.01664
Exploits 1, References 2
ATTACKERKB
added 2023/06/29 8:15 p.m., 3 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot...

CVSS 9.8, AI score 7.4, EPSS 0.02165
Exploits 1, References 3
OSV
added 2023/06/29 8:15 p.m., 4 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot...

CVSS 9.8, AI score 5.8, EPSS 0.02165
Exploits 1, References 2
NVD
added 2023/06/29 8:15 p.m., 24 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot...

CVSS 9.8, AI score 9.8, EPSS 0.02165
Exploits 1, References 2
Prion
added 2023/06/29 8:15 p.m., 22 views

Command injection

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot...

CVSS 7.5, AI score 9.7, EPSS 0.02165
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2023/06/29 12:0 a.m., 15 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot...

AI score 7.8, EPSS 0.02165
Exploits 1, References 2
Cvelist
added 2023/06/29 12:0 a.m., 29 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot...

AI score 10, EPSS 0.02165
Exploits 1, References 2
CVE
added 2023/06/29 12:0 a.m., 49 views

CVE-2022-44720

CVE-2022-44720 affects Weblib Ucopia prior to 6.0.13. The vulnerability is an OS command injection related to chroot in the Weblib Ucopia product. CVSS v3.1 base score is 9.8 (CRITICAL) with network access, no auth, no user interaction required, and impacts to confidentiality, integrity, and avai...

CVSS 9.8, AI score 9.6, EPSS 0.02165
Exploits 1, References 2, Affected Software 1
Oracle Linux
added 2023/05/15 12:0 a.m., 55 views

bind security and bug fix update

32:9.16.23-11 - Correct backport issue in statistics rendering fix 2126912; 32:9.16.23-10 - Handle subtle difference between upstream and rhel CVE-2022-3094; 32:9.16.23-9 - Prevent flooding with UPDATE requests CVE-2022-3094 - Handle RRSIG queries when server-stale is active CVE-2022-3736 - Fix cra...

CVSS 7.5, AI score 7, EPSS 0.5017
Exploits 0
Tenable Nessus
added 2023/04/20 12:0 a.m., 44 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-161)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-161 advisory. By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS...

CVSS 7.5, AI score 7.2, EPSS 0.5017
Exploits 0, References 18
Tenable Nessus
added 2023/03/23 12:0 a.m., 29 views

Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2023-135)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-135 advisory. Sudo before 1.9.13 does not escape control characters in log messages. (CVE-2023-28486) Sudo before 1.9.13 does not escape control characters in sudoreplay output. (CVE-2023-28487) Tenable has...

CVSS 5.3, AI score 7.3, EPSS 0.00961
Exploits 0, References 6
Tenable Nessus
added 2023/03/21 12:0 a.m., 33 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-010)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-010 advisory. A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This...

CVSS 6.8, AI score 6.5, EPSS 0.0325
Exploits 0, References 6
Tenable Nessus
added 2023/03/18 12:0 a.m., 33 views

Fedora 36 : sudo (2023-cb5df36beb)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb5df36beb advisory. Security fix for CVE-2023-27320. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.2, AI score 6.8, EPSS 0.01664
Exploits 1, References 2