wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from compiler optimizations and time-side channels introduced by CPU architectural limitations...

CVE-2025-54987

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...

USN-7665-2: Linux kernel (AWS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; -...

Linux Distros Unpatched Vulnerability : CVE-2024-2193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. ...

x86/sgx: Fix deadlock in SGX NUMA node search

...

TerraMaster TOS 4.2.29 Code Injection / Local File Inclusion

============================================================================================================================================= | Title : TerraMaster TOS 4.2.29 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7005-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7005-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6999-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

CBL Mariner 2.0 Security Update: grpc / python-gevent (CVE-2020-22217)

The version of grpc / python-gevent installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-22217 advisory. - Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply i...

Medium: kernel

Issue Overview: A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions ...

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace CVE-2024-2193, it is a variation of the transient execution CPU vulnerability known as Spectre v1 CVE-2017-5753. The approach combines speculative...

Fedora 37 : traceroute (2023-734aa51998)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-734aa51998 advisory. Update to 2.1.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 38 : dr_libs (2023-494ae331b6)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-494ae331b6 advisory. Update to 4b3d078 drwav 0.13.8: fix a possible null-pointer dereference and a crash when loading files with badly-formed metadata. Tenable has extracted the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rpmlint-mini (SUSE-SU-2023:0032-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0032-1 advisory. Update polkit-default-privs to version 13.2+20221216.a0c29e6: - backport usbguard actions bsc1206414...

AlmaLinux 9 : firefox (ALSA-2022:5767)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:5767 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:3493-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3493-1 advisory. - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

ISC BIND GSS-TSIG SPNEGO Buffer Overflow (CVE-2021-25216)

According to its self-reported version, the ISC Bind present on the remote host is affected by a buffer overflow vulnerability: - GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between...

Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool

Simplistic yet fancy CPU architecture fetching tool 1. Support cpufetch currently supports x8664 CPUs both Intel and AMD and ARM. Platform | x8664 | ARM | Notes ---|---|---|--- Linux | ✔️ | ✔️ | Prefered platform. Experimental ARM support Windows | ✔️ | ❌ | Some information may be missing. Colors...

Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics...

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...