776 matches found

OpenVAS
added 2024/10/09 12:0 a.m., 14 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2540)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 5.7 | EPSS 0.0095
Exploits: 1 | References: 2

RedHat Linux
added 2024/10/07 1:23 a.m., 2 views

firefox: thunderbird: Potential memory corruption may occur when cloning certain objects

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...

CVSS 8.8 | AI score 7.2 | EPSS 0.00179
Exploits: 0 | References: 9

Github Security Blog
added 2024/10/03 6:26 p.m., 69 views

Sentry SDK Prototype Pollution gadget in JavaScript SDKs

Impact In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue. !NOTE This...

AI score 7.2
Exploits: 0 | References: 6 | Affected Software: 1

RedHat Linux
added 2024/10/03 6:18 p.m., 1 view

firefox: thunderbird: Potential memory corruption may occur when cloning certain objects

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...

CVSS 8.8 | AI score 7.2 | EPSS 0.00179
Exploits: 0 | References: 9

RedHat Linux
added 2024/10/02 6:44 p.m., 2 views

firefox: thunderbird: Potential memory corruption may occur when cloning certain objects

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...

CVSS 8.8 | AI score 7.2 | EPSS 0.00179
Exploits: 0 | References: 9

SUSE CVE
added 2024/10/02 3:9 a.m., 3 views

SUSE CVE-2024-9396

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

CVSS 4.2 | AI score 6.4 | EPSS 0.00179
Exploits: 0 | References: 13

Cvelist
added 2024/10/01 3:13 p.m., 12 views

CVE-2024-9396

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

EPSS 0.00179
Exploits: 0 | References: 5

Debian CVE
added 2024/10/01 3:13 p.m., 10 views

CVE-2024-9396

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

CVSS 8.8 | AI score 7 | EPSS 0.00179
Exploits: 0

Tenable Nessus
added 2024/09/25 12:0 a.m., 36 views

GLSA-202409-25 : Xpdf: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202409-25 Xpdf: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from th...

CVSS 9.1 | AI score 6 | EPSS 0.01685
Exploits: 18 | References: 25

Tenable Nessus
added 2024/09/17 12:0 a.m., 33 views

Photon OS 3.0: Linux PHSA-2024-3.0-0795

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0795. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.8 | AI score 7.6 | EPSS 0.00023
Exploits: 0 | References: 6

Cvelist
added 2024/09/15 10:31 a.m., 18 views

CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS 5 | EPSS 0.00214
Exploits: 0 | References: 4

Vulnrichment
added 2024/09/15 10:31 a.m., 12 views

CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS 5 | AI score 7.4 | EPSS 0.00214
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/14 12:0 a.m., 16 views

Fedora 40 : mingw-expat (2024-c7b547bec5)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c7b547bec5 advisory. Update to expat-2.6.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 9.8 | AI score 7.4 | EPSS 0.02269
Exploits: 0 | References: 4

OSV
added 2024/09/05 3:33 p.m., 11 views

GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 4.2 | EPSS 0.00265
Exploits: 0 | References: 8

Tenable Nessus
added 2024/08/30 12:0 a.m., 28 views

CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2023-45803)

The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45803 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously...

CVSS 4.2 | AI score 6.8 | EPSS 0.00056
Exploits: 0 | References: 2

Schneier on Security
added 2024/08/16 11:7 a.m., 64 views

New Windows IPv6 Zero-Click Vulnerability

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also share...

CVSS 9.8 | AI score 6.9 | EPSS 0.89413
Exploits: 24

Tenable Nessus
added 2024/08/14 12:0 a.m., 25 views

Oracle Linux 8 : grafana (ELSA-2024-5291)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5291 advisory. 9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435 Tenable has extracted the preceding description block directly from the...

CVSS 9.8 | AI score 7.5 | EPSS 0.00202
Exploits: 0 | References: 4

OSV
added 2024/08/12 1:38 p.m., 11 views

CVE-2024-7659

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 5

Tenable Nessus
added 2024/08/12 12:0 a.m., 30 views

Dell iDRAC Service Module < 5.3.1.0 Multiple Vulnerabilities

Dell iDRAC Service Module version 5.3.0.0 and prior, contains multiple Out-of-bound Write Vulnerabilities. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 5.8 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 6

Tenable Nessus
added 2024/08/11 12:0 a.m., 16 views

Fedora 39 : frr (2024-0c063be1cc)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0c063be1cc advisory. New version 8.5.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVSS 6.5 | AI score 7 | EPSS 0.00322
Exploits: 0 | References: 4