3047 matches found

Tenable Nessus
added 2024/05/02 12:0 a.m., 10 views

Fedora 40 : libcoap (2024-75863445ff)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-75863445ff advisory. Patch to fix CVE-2024-31031. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVSS 7.5, AI score 5.5, EPSS 0.00866
Exploits: 1, References: 2
NVD
added 2024/04/30 1:15 p.m., 11 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

CVSS 7.2, AI score 6.8, EPSS 0.00666
Exploits: 0, References: 1
ATTACKERKB
added 2024/04/30 1:15 p.m., 2 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

CVSS 7.2, AI score 5.9, EPSS 0.00666
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2024/04/30 12:57 p.m., 68 views

CVE-2024-2617

CVE-2024-2617 affects Hitachi Energy RTU500 series (RTU500 web server component). The vulnerability lets authenticated users bypass secure update and install unsigned firmware on RTU500. Reported impact is high (CVSS3.1: 7.2) with network attack vector, low complexity, high privileges required, a...

CVSS 7.2, AI score 6.1, EPSS 0.00666
Exploits: 0, References: 1
Vulnrichment
added 2024/04/30 12:57 p.m., 10 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

CVSS 7.2, AI score 6.1, EPSS 0.00666
Exploits: 0, References: 1
RedHat Linux
added 2024/04/30 10:4 a.m., 3 views

systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

CVSS 5.9, AI score 7.3, EPSS 0.00849
Exploits: 0, References: 6
Veracode
added 2024/04/30 6:49 a.m., 20 views

Improper Certificate Validation

osxcollector is vulnerable to Improper Certificate Validation. The vulnerability is due to incomplete inspection of Universal/fat binaries, which allows malicious code to appear as if it is signed by Apple, leading to the execution of unsigned code...

CVSS 7.8, AI score 7.4, EPSS 0.00857
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2024/04/30 12:0 a.m., 3 views

PT-2024-21304

Name of the Vulnerable Software and Affected Versions: RTU500 affected versions not specified. Description: A vulnerability exists in the RTU500 that allows authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to...

CVSS 7.2, AI score 5.9, EPSS 0.00666
Exploits: 0, References: 13
OSV
added 2024/04/30 12:0 a.m., 26 views

ALSA-2024:2456 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

CVSS 7.8, AI score 6.8, EPSS 0.00536
Exploits: 2, References: 8
PyPA
added 2024/04/25 5:15 p.m., 5 views

PYSEC-2024-246

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3, AI score 7.1, EPSS 0.00791
Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2024/04/25 5:0 p.m., 30 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3, AI score 5.5, EPSS 0.00791
Exploits: 1, References: 4
Tenable Nessus
added 2024/04/24 12:0 a.m., 51 views

RHEL 7 : rh-php72-php (RHSA-2019:3299)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3299 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

CVSS 9.8, AI score 7.5, EPSS 0.9947
Exploits: 76, References: 45
SUSE CVE
added 2024/04/19 2:18 a.m., 3 views

SUSE CVE-2024-26828

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces. In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t...

CVSS 7.3, AI score 6.6, EPSS 0.00407
Exploits: 0, References: 180
SUSE CVE
added 2024/04/19 2:18 a.m., 2 views

SUSE CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array. BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in...

CVSS 5.5, AI score 6.5, EPSS 0.00223
Exploits: 0, References: 10
OSV
added 2024/04/17 7:15 p.m., 4 views

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVSS 7.5, AI score 7.3
Exploits: 0, References: 5
OSV
added 2024/04/17 7:15 p.m., 1 views

DEBIAN-CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVSS 7.5, AI score 5.3, EPSS 0.00866
Exploits: 1, References: 1
UbuntuCve
added 2024/04/17 7:15 p.m., 17 views

CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVSS 7.5, AI score 5.9, EPSS 0.00866
Exploits: 1, References: 2
OSV
added 2024/04/17 7:15 p.m., 0 views

UBUNTU-CVE-2024-31031

An issue in coappdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow...

CVSS 7.5, AI score 5.9, EPSS 0.00866
Exploits: 1, References: 3
OSV
added 2024/04/17 11:15 a.m., 2 views

DEBIAN-CVE-2024-26883

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches. The stackmap code relies on roundup_pow_of_two to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arche...

CVSS 7.8, AI score 5.9, EPSS 0.00251
Exploits: 0, References: 1
Cvelist
added 2024/04/17 10:27 a.m., 21 views

CVE-2024-26885 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches. The devmap code allocates a number of hash buckets equal to the next power of two of the max_entries value provided when creating the map. When rounding up to the next power of two,...

AI score 7.9, EPSS 0.00248
Exploits: 0, References: 8