Oracle Linux 7 : realmd (ELSA-2015-2184)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2184 advisory. 0.16.1-5 - Revert 0.16.1-4 - Use samba by default - Resolves: rhbz1271618 0.16.1-4 - Fix regressions in 0.16.x releases - Resolves: rhbz1258745 - Resolves:...
RHEL 7 : kpatch-patch (RHSA-2023:4834)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4834 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...
Amazon Linux 2 : avahi (ALAS-2023-2175)
The version of avahi installed on the remote host is prior to 0.6.31-20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2175 advisory. A reachable assertion was found in avahi_dns_packet_append_record. CVE-2023-38469 A reachable assertion was found in...
Amazon Linux AMI : openssh (ALAS-2023-1794)
The version of openssh installed on the remote host is prior to 7.4p1-22.78. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1794 advisory. An issue was discovered in OpenSSH 7.4 on Amazon Linux 2 and Amazon Linux 1. The fix for CVE-2019-6111 only covered cases where ...
Oracle Linux 8 : kernel (ELSA-2023-3847)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3847 advisory. - net: tls: fix possible race condition between do_tls_getsockopt_conf and do_tls_setsockopt_conf Hangyu Hua CVE-2023-28466 Tenable has extracted the preceding...
The vulnerability of the Base plugin (gst-plugins-base) in the Gstreamer multimedia framework allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the Base plugin (gst-plugins-base) in the Gstreamer multimedia framework is related to insufficient protection of service data due to the lack of security updates on the remote host. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
Synology Router Manager (SRM) 1.2.x Multiple Vulnerabilities (Synology-SA-20:14)
Synology Router Manager (SRM) is prone to multiple vulnerabilities.
SUSE SLES12 Security Update : open-vm-tools (SUSE-SU-2023:2530-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2530-1 advisory. - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and...
RHEL 8 : thunderbird (RHSA-2023:3596)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3596 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fixes: Mozilla...
IBM CICS TX Standard and Advanced Security Vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM TXSeries for Multiplatforms, IBM CICS TX...
CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to ed...
CVE-2021-4341
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...
PT-2023-12444 · WordPress · Ulisting
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows for authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm update emai...
WordPress Plugin Brilliance Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2023-23480 · Skyscreamer · Nevado Jms
Name of the Vulnerable Software and Affected Versions: Skyscreamer Open Source Nevado JMS version 1.3.2 Description: The issue allows attackers to execute arbitrary commands by supplying crafted data due to the lack of security checks when receiving messages. Recommendations: For Skyscreamer Open...
AlmaLinux 8 : autotrace (ALSA-2023:3067)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:3067 advisory. - AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. CVE-2022-32323 Note that Nessus has not tested for thi...
AlmaLinux 8 : mingw-expat (ALSA-2023:3068)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3068 advisory. - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 Note that Nessus has not tested for this issue but has instead...
OpenShift: Missing HTTP Strict Transport Security
OpenShift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks...
PT-2023-15476 · Nanoleaf · Nanoleaf
Name of the Vulnerable Software and Affected Versions: Nanoleaf firmware versions prior to 7.1.1 Description: The issue is related to missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. This affects IoT smart lights, enabling unauthenticated remote...
Fedora 37 : kernel (2023-4f2cf7e5d2)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4f2cf7e5d2 advisory. The 6.2.12 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly from the...