Path traversal

A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is...

F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Not...

CVE-2023-5461

A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The...

Design/Logic Flaw

A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The...

CVE-2023-5461 Delta Electronics WPLSoft Modbus cleartext transmission

A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The...

Design/Logic Flaw

A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. Th...

CVE-2023-5297 Xinhu RockOA start backup

A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. Th...

CVE-2023-5297 Xinhu RockOA start backup

A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. Th...

Fedora 37 : traceroute (2023-734aa51998)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-734aa51998 advisory. Update to 2.1.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CBL Mariner 2.0 Security Update: vim (CVE-2023-4781)

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4781 advisory. - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. CVE-2023-4781 Note that Nessus has no...

CVE-2023-40044

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. Recent assessments: sfewer-r7 at October 02, 2023 8:11am UT...

Ubuntu 23.04 : libppd vulnerability (USN-6392-1)

The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6392-1 advisory. It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a...

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible Recent assessments: sfewer-r7 at September 27, 2023 1:47pm UTC reported: Based on the accompanying Rapid7 Analysis, the attacker value for CVE-2023-42793 is very high given the target produ...

Rocky Linux 8 : firefox (RLSA-2023:5184)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5184 advisory. - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML pag...

RHEL 8 : open-vm-tools (RHSA-2023:5213)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5213 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization...

RHEL 8 : thunderbird (RHSA-2023:5201)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5201 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Security Fixes: libwebp...

Oracle Linux 7 : cups (ELSA-2020-1050)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1050 advisory. - 1651575 - CVE-2018-4700 cups - 1608764 - CVE-2018-4180 cups Tenable has extracted the preceding description block directly from the Oracle Linux...

CVE-2023-4743 Dreamer CMS file access

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of ...

CVE-2023-40166

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

Buffer overflow

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in nsCodingStateMachine::NextStater. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time...