
776 matches found

Tenable Nessus
added 2024/02/29 12:0 a.m. | 19 views

CentOS 9 : dbus-broker-28-7.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the dbus-broker-28-7.el9 build changelog. - An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

CVSS 7.5 | AI score 7.5 | EPSS 0.0067
Exploits: 3 | References: 2
GithubExploit
added 2024/02/27 3:31 a.m. | 394 views

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...

CVSS 10 | AI score 9.6 | EPSS 0.94445
Exploits: 25
Tenable Nessus
added 2024/02/27 12:0 a.m. | 23 views

VMware Workstation 17.0.x < 17.5.1 Vulnerability (VMSA-2024-0005)

The version of VMware Workstation installed on the remote host is 17.0.x prior to 17.5.1. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CVSS 5.9 | AI score 6.3 | EPSS 0.00062
Exploits: 0 | References: 2
Prion
added 2024/02/22 8:15 p.m. | 14 views

Deserialization of untrusted data

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely...

CVSS 5.1 | AI score 7 | EPSS 0.00049
Exploits: 0 | References: 3
CVE
added 2024/02/22 8:0 p.m. | 65 views

CVE-2024-1750

CVE-2024-1750 affects TemmokuMVC up to version 2.3. The vulnerability resides in the Image Download Handler’s library file lib/images_get_down.php, specifically the get_img_url/img_replace function, where input manipulation enables deserialization. Reported impact is remote code execution with hi...

CVSS 8.1 | AI score 5.5 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2024/02/19 12:0 a.m. | 36 views

RHEL 8 : gimp:2.8 (RHSA-2024:0863)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0863 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

CVSS 7.8 | AI score 7.7 | EPSS 0.6033
Exploits: 0 | References: 6
Tenable Nessus
added 2024/02/14 12:0 a.m. | 33 views

Oracle Linux 9 : nss (ELSA-2024-0790)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0790 advisory. 3.90.0-6 - Fix ecc DER wrapping. 3.90.0-5 - Pick up validated constant time implementations of p256, p384, and p521 from upstream - More Fips indicator changes...

CVSS 4.3 | AI score 7.3 | EPSS 0.00197
Exploits: 0 | References: 2
Tenable Nessus
added 2024/02/12 12:0 a.m. | 20 views

QNAP QTS / QuTS hero Multiple Vulnerabilities in QTS, QuTS hero and QuTScloud (QSA-23-53)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-53 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CVSS 7.2 | AI score 7.1 | EPSS 0.00176
Exploits: 0 | References: 4
Prion
added 2024/02/11 11:15 p.m. | 22 views

Path traversal

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginI...

CVSS 2.6 | AI score 7.2 | EPSS 0.00111
Exploits: 0 | References: 3
Cvelist
added 2024/02/11 11:0 p.m. | 15 views

CVE-2024-1433 KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginI...

CVSS 3.1 | AI score 4.3 | EPSS 0.00111
Exploits: 0 | References: 3
Tenable Nessus
added 2024/02/10 12:0 a.m. | 48 views

AlmaLinux 9 : gimp (ALSA-2024:0675)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0675 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CVSS 7.8 | AI score 7.4 | EPSS 0.63756
Exploits: 0 | References: 5
Wolfi
added 2024/02/07 1:47 a.m. | 9 views

GHSA-4HJV-8MMR-JXWV vulnerabilities

Vulnerabilities for packages: expat...

AI score 7.5
Exploits: 0
OSV
added 2024/02/02 6:15 a.m. | 11 views

CVE-2023-46045

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 8
Tenable Nessus
added 2024/02/02 12:0 a.m. | 37 views

Cisco Unity Connection Arbitrary File Upload (cisco-sa-cuc-unauth-afu-FROYsCsD)

According to its self-reported version, Cisco Unity Connection running on the report host is affected by an Arbitrary File Upload Vulnerability. Due to lack of authentication in a specific API and improper validation of user-supplied data, an unauthenticated, remote attacker can store malicious...

CVSS 9.8 | AI score 9.2 | EPSS 0.00275
Exploits: 0 | References: 3
CVE
added 2024/02/02 12:0 a.m. | 384 views

CVE-2023-46045

CVE-2023-46045 affects Graphviz 2.36.0 through 9.x, before 10.0.1, with an out-of-bounds read triggered by a crafted config6a file. Public details consistently note exploitability may be low since the file is often root-owned. The vulnerability is rated HIGH (CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:...

CVSS 7.8 | AI score 7.2 | EPSS 0.00043
Exploits: 1 | References: 8 | Affected Software: 1
NVD
added 2024/01/27 11:15 a.m. | 11 views

CVE-2024-0959

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is...

CVSS 9.8 | AI score 6.4 | EPSS 0.00095
Exploits: 0 | References: 4
Prion
added 2024/01/27 11:15 a.m. | 11 views

Deserialization of untrusted data

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is...

CVSS 5.1 | AI score 7.1 | EPSS 0.00095
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/01/27 10:31 a.m. | 22 views

CVE-2024-0959 StanfordVL GibsonEnv pposgd_fuse.py cloudpickle.load deserialization

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is...

CVSS 5.1 | AI score 7.1 | EPSS 0.00095
Exploits: 0 | References: 4
Cvelist
added 2024/01/27 10:31 a.m. | 21 views

CVE-2024-0959 StanfordVL GibsonEnv pposgd_fuse.py cloudpickle.load deserialization

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is...

CVSS 5.1 | AI score 9.8 | EPSS 0.00095
Exploits: 0 | References: 4
Tenable Nessus
added 2024/01/20 12:0 a.m. | 9 views

openSUSE 15 Security Update : seamonkey (openSUSE-SU-2024:0026-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0026-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

AI score 5.6
Exploits: 0 | References: 1