Design/Logic Flaw

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...

NewStart CGSL MAIN 6.02 : gd Multiple Vulnerabilities (NS-SA-2021-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has gd packages installed that are affected by multiple vulnerabilities: - The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978 ...

NewStart CGSL CORE 5.04 / MAIN 5.04 : spice Vulnerability (NS-SA-2021-0040)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has spice packages installed that are affected by a vulnerability: - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPI...

NewStart CGSL MAIN 4.06 : bind Multiple Vulnerabilities (NS-SA-2021-0003)

The remote NewStart CGSL host, running version MAIN 4.06, has bind packages installed that are affected by multiple vulnerabilities: - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses th...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2021-0032)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a vulnerability: - Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via sudoedit -s and a command-line argument that ends with a single...

NewStart CGSL MAIN 6.02 : qt5-qtwebsockets Vulnerability (NS-SA-2021-0085)

The remote NewStart CGSL host, running version MAIN 6.02, has qt5-qtwebsockets packages installed that are affected by a vulnerability: - In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier...

NewStart CGSL CORE 5.04 / MAIN 5.04 : unoconv Vulnerability (NS-SA-2021-0043)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unoconv packages installed that are affected by a vulnerability: - The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. CVE-2019-17400 Note that Nessus has not tested for...

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable...

NewStart CGSL MAIN 6.02 : cryptsetup Vulnerability (NS-SA-2021-0087)

"The remote NewStart CGSL host, running version MAIN 6.02, has cryptsetup packages installed that are affected by a vulnerability: - A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/ima...

NewStart CGSL CORE 5.04 / MAIN 5.04 : OpenEXR Multiple Vulnerabilities (NS-SA-2021-0031)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has OpenEXR packages installed that are affected by multiple vulnerabilities: - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...

NewStart CGSL MAIN 6.02 : dpdk Multiple Vulnerabilities (NS-SA-2021-0073)

The remote NewStart CGSL host, running version MAIN 6.02, has dpdk packages installed that are affected by multiple vulnerabilities: - A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the...

NewStart CGSL MAIN 6.02 : openwsman Vulnerability (NS-SA-2021-0084)

The remote NewStart CGSL host, running version MAIN 6.02, has openwsman packages installed that are affected by a vulnerability: - Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in processconnection when parsing specially crafted HTTP requests. A remote,...

NewStart CGSL MAIN 6.02 : frr Vulnerability (NS-SA-2021-0084)

The remote NewStart CGSL host, running version MAIN 6.02, has frr packages installed that are affected by a vulnerability: - DISPUTED An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file wi...

NewStart CGSL MAIN 6.02 : util-linux Vulnerability (NS-SA-2021-0055)

The remote NewStart CGSL host, running version MAIN 6.02, has util-linux packages installed that are affected by a vulnerability: - Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVE-2014-9114 Note that Nessus has not tested for this issue but has instead relied...

NewStart CGSL MAIN 6.02 : targetcli Vulnerability (NS-SA-2021-0073)

The remote NewStart CGSL host, running version MAIN 6.02, has targetcli packages installed that are affected by a vulnerability: - Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target and for the backup directory and backup files. CVE-2020-13867 Note that Nessus has not...

NewStart CGSL CORE 5.04 / MAIN 5.04 : dbus Vulnerability (NS-SA-2021-0017)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has dbus packages installed that are affected by a vulnerability: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, use...

NewStart CGSL CORE 5.04 / MAIN 5.04 : freeradius Multiple Vulnerabilities (NS-SA-2021-0037)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freeradius packages installed that are affected by multiple vulnerabilities: - In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threads...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0011)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ipa Multiple Vulnerabilities (NS-SA-2021-0045)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ipa packages installed that are affected by multiple vulnerabilities: - A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password = 1,000,000 characters to the server, the password hashing...

NewStart CGSL MAIN 6.02 : cyrus-imapd Multiple Vulnerabilities (NS-SA-2021-0086)

The remote NewStart CGSL host, running version MAIN 6.02, has cyrus-imapd packages installed that are affected by multiple vulnerabilities: - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context o...