275 matches found
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)
The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
Fortinet FortiProxy Out-of-bound Write in sslvpnd (FG-IR-24-015)
The version of FortiProxy installed on the remote host is affected by an out-of-bounds write vulnerability in sslvpnd that can allow an attacker to execute unauthorized code or commands via specifically crafted requests. Note that Nessus has not tested for this issue but has instead relied only on t...
FreeBSD : gitea -- Prevent anonymous container access (bd7592a1-cbfd-11ee-a42a-5404a6f3ca32)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 advisory. - Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
FreeBSD : readstat -- Heap buffer overflow in readstat_convert (388eefc0-c93f-11ee-92ce-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 388eefc0-c93f-11ee-92ce-4ccc6adda413 advisory. - Google reports: A heap buffer overflow exists in readstat_convert. 388eefc0-c93f-11ee-92ce-4ccc6adda41...
FreeBSD : gitea -- block user account creation from blocked email domains (4061a4b2-4fb1-11ee-acc7-0151f07bc899)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4061a4b2-4fb1-11ee-acc7-0151f07bc899 advisory. - The Gitea team reports: check blocklist for emails when adding them to account 4061a4b2-4fb1-11ee-...
FreeBSD : phpmyfaq -- multiple vulnerabilities (7d6be8d4-f812-11ed-a7ff-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7d6be8d4-f812-11ed-a7ff-589cfc0f81b0 advisory. - phpmyfaq developers report: Multiple XSS vulnerabilities 7d6be8d4-f812-11ed-a7ff-589cfc0f81b0 Note th...
FreeBSD : redis -- multiple vulnerabilities (b17bce48-b7c6-11ed-b304-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b17bce48-b7c6-11ed-b304-080027f5fec9 advisory. - The Redis core team reports: CVE-2022-36021, CVE-2023-25155 Note that Nessus has not tested...
K05403841: BIG-IP and BIG-IQ improvements disclosed by Rapid7
Security Advisory Description BIG-IP and BIG-IQ improvements disclosed by Rapid7 Important : F5 recognizes these issues are security related. However, there is no known way to exploit these issues without first bypassing existing security controls using an unknown or undiscovered mechanism,...
FreeBSD : mediawiki -- multiple vulnerabilities (d379aa14-8729-11ed-b988-080027d3a315)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d379aa14-8729-11ed-b988-080027d3a315 advisory. - Mediawiki reports: T322637, CVE-2022-PENDING SECURITY: Make sqlite DB files not world readable...
OpenSSL 3.0.7 update assessment
Summary: The vulnerability in the OpenSSL Security Advisory of Dec 13 2022 does not affect any active Node.js release lines. Analysis: Our assessment of the security advisory is: X.509 Policy Constraints Double Locking (CVE-2022-3996): Node.js doesn't call OpenSSL as a...
FreeBSD : gitea -- multiple issues (df29c391-1046-11ed-a7ac-0800273f11ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the df29c391-1046-11ed-a7ac-0800273f11ea advisory. - The Gitea team reports: Add write check for creating Commit status Check for permission when fetching...
Mageia: Security Advisory (MGASA-2021-0372)
The remote host is missing an update for the...
GLSA-202107-20 : Redis: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202107-20 Redis: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
GPAC Denial of Service Vulnerability (CNVD-2022-03628)
GPAC is an open source multimedia framework. gfdumpsetup function in GPAC version 1.0.1 has a denial of service vulnerability that stems from certain security-related information being missed and can be exploited by an attacker to cause a denial of service...
FreeBSD : Solr -- Apache Log4J (66cf7c43-5be3-11ec-a587-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 66cf7c43-5be3-11ec-a587-001b217b3468 advisory. - Solr reports: Apache Solr affected by Apache Log4J 66cf7c43-5be3-11ec-a587-001b217b3468 Note that...
FreeBSD : Ansible -- Ansible user credentials disclosure in ansible-connection module (9a8514f3-2ab8-11ec-b3a1-8c164582fbac)
Red Hat reports : A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
FreeBSD : Python -- multiple vulnerabilities (0e561173-0fa9-11ec-a2fa-080027948c12)
Python reports : bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 'Billion Laughs' vulnerability. This copy is most used on Windows and macOS. bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n...
FreeBSD : xtrlock -- xtrlock does not block multitouch events (e80073d7-f8ba-11eb-b141-589cfc007716)
Debian reports : xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called 'multitouch' events including pan scrolling, 'pinch and zoom' or even being able to provide regular mouse clicks by depressing the...
Updated kernel-linus packages fix security and other issues
The kernel-linus update in MGASA-2021-0258 contained some security fixes that caused regressions in at least some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes. For more...
GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202104-08 Chromium, Google Chrome: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. Impact : Please review the...