KubeVirt vulnerable to arbitrary file read on host

As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the...

ImageMagick < 7.0.10-57 Integer Overflow

The remote Windows host has a version of ImageMagick installed that is prior 7.0.10-57. It is, therefore, affected by an integer overflow error in the GetPixelIndex function. An attacker can craft a malicious PDF file that, when processed by ImageMagick, results in undefined behavior or a crash...

SUSE SLES12 Security Update : mokutil (SUSE-SU-2022:2716-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2716-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

Debian DSA-5203-1 : gnutls28 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5203 advisory. Jaak Ristioja discovered a double-free vulnerability in GnuTLS, a library implementing the TLS and SSL protocols, during verification of pkcs7 signatures. A remote attacke...

CentOS 7 : 389-ds-base (RHSA-2022:5239)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5239 advisory. - A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a...

CentOS 8 : httpd:2.4 (CESA-2022:5163)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:5163 advisory. - httpd: modproxy NULL pointer dereference CVE-2020-13950 Note that Nessus has not tested for this issue but has instead relied only on the application's...

Fedora 36 : thunderbird (2022-a5d22b5dd8)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-a5d22b5dd8 advisory. Update to 91.10.0 See https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/ Tenable has extracted the preceding description block directly from the...

RHEL 8 : thunderbird (RHSA-2022:4770)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4770 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fixes: Mozilla:...

RHEL 8 : thunderbird (RHSA-2022:4769)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4769 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fixes: Mozilla:...

Stored XSS vulnerability in Jenkins Deployer Framework Plugin

Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting XSS vulnerability exploitable by users abl...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

Remote code execution

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

AlmaLinux 8 : .NET 5.0 (ALSA-2022:0495)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0495 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network...

Rocky Linux 8 : kernel-rt (RLSA-2021:3440)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3440 advisory. - net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service xdrsetpagebase slab-out-of-bounds access by performing...

Schneider Electric Web Server on Modicon M340 Out-of-Bounds Read (CVE-2020-7562)

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...

ABB Relion 650 and 670 Series Improper Input Validation (CVE-2019-18247)

An attacker may use a specially crafted message to force Relion 650 series versions 1.3.0.5 and prior or Relion 670 series versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior to reboot, which could cause a denial of service. This plugin only works with Tenable.ot. Please visit...