Fortinet FortiProxy Out-of-bound Write in sslvpnd (FG-IR-24-015)

The version of FortiProxy installed on the remote host affected by an out-of-bounds write vulnerability in sslvpnd that can allow an attacker to execute unauthorized code or commands via specifically crafted requests. Note that Nessus has not tested for this issue but has instead relied only on t...

FreeBSD : readstat -- Heap buffer overflow in readstat_convert (388eefc0-c93f-11ee-92ce-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 388eefc0-c93f-11ee-92ce-4ccc6adda413 advisory. - Google reports: A heap buffer overflow exists in readstatconvert. 388eefc0-c93f-11ee-92ce-4ccc6adda41...

This Week in Spring - 28 November, 2023

Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...

FreeBSD : Ansible -- Ansible user credentials disclosure in ansible-connection module (9a8514f3-2ab8-11ec-b3a1-8c164582fbac)

Red Hat reports : A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. %NASLMINLEVEL 70300 C Tenabl...

December 1, 2020, update for Office 2016 (KB4486746)

December 1, 2020, update for Office 2016 KB4486746 This article describes update 4486746 for Microsoft Office 2016 that was released on December 1, 2020.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

FreeBSD : php72 -- use of freed hash key (ee261034-b95e-4479-b947-08b0877e029f)

grigoritchy at gmail dot com reports : The pharparsezipfile function had use-after-free vulnerability because of mishandling of the actualalias variable. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

FreeBSD : samba -- multiple vulnerabilities (3c7911c9-8a29-11ea-8d8c-005056a311d1)

The Samba Team reports : CVE-2020-10700 A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server. CVE-2020-10704 A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV. C...

FreeBSD : ansible - win_unzip path normalization (0899c0d3-80f2-11ea-bafd-815569f3852d)

Borja Tarraso reports : A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by...

FreeBSD : OpenSSL -- Multiple vulnerabilities (9e0c6f7a-d46d-11e9-a1c7-b499baebfeaf)

The OpenSSL project reports : ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques...

FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)

Ruby news : There are multiple vulnerabilities about Cross-Site Scripting XSS in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc. The following vulnerabilities have been reported...

FreeBSD : drupal -- Drupal core - Moderately critical - XSS (94d63fd7-508b-11e9-9ba0-4c72b94353b5)

Drupal Security Team reports : Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

FreeBSD : pcre -- stack buffer overflow (7033b42d-ef09-11e5-b766-14dae9d210b8)

Philip Hazel reports : PCRE does not validate that handling the ACCEPT verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)

The PHP project reports : DOM and GD : - Fixed bug 69719 Incorrect handling of paths with NULs. FTP : - Improved fix for bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4643 Postgres : - Fixed bug 69667 segfault in phppgsqlmetadata. CVE-2015-4644 %NASLMINLEVEL 70300 ...

FreeBSD : chromium -- multiple vulnerabilities (210f80b9-ede4-11e4-81c4-00262d5ed8ee)

Google Chrome Releases reports : 5 security fixes in this release, including : - 453279 High CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei. - 481777 CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. %NASLMINLEVEL 70300 C Tenable Network Security,...

FreeBSD : Adobe Flash Player -- critical vulnerability (37a87ade-a59f-11e4-958e-0011d823eebd)

Adobe reports : Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and...

FreeBSD : node -- private information disclosure (a1d0911f-987a-11e1-a2ef-001fd0af1a4c)

Private information disclosure An attacker can cause private information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...

FreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37)

The Mozilla Project reports : MFSA 2011-53 Miscellaneous memory safety hazards rv:9.0 MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash...

FreeBSD : linux-flashplugin -- multiple vulnerabilities (0e8e1212-0ce5-11e1-849b-003067b2972c)

Adobe Product Security Incident Response Team reports : Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. In addition a patch was releas...

FreeBSD : isc-dhcp-server -- server halt upon processing certain packets (510b630e-c43b-11e0-916c-00e0815b8da8)

ISC reports : A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

FreeBSD : isc-dhcp-client -- dhclient does not strip or escape shell meta-characters (7e69f00d-632a-11e0-9f3a-001d092480a4)

ISC reports : ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client. %NASLMINLEVEL 70300 C...