Lucene search

66 matches found

Tenable Nessus
added 2024/07/03 12:0 a.m. | 37 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-4068)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4068 advisory. - The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which...

CVSS 7.5 | AI score 6.8 | EPSS 0.00275
Exploits 1 | References 2
Fedora
added 2024/07/01 1:34 a.m. | 16 views

[SECURITY] Fedora 39 Update: mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

CVSS 8.8 | AI score 7.8 | EPSS 0.03631
Exploits 0
OSV
added 2024/06/19 1:35 p.m. | 10 views

CVE-2024-38565 wifi: ar5523: enable proper endpoint verification

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports 1 hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

CVSS 6.5 | AI score 5.9 | EPSS 0.0002
Exploits 0 | References 13
Tenable Nessus
added 2024/05/14 12:0 a.m. | 38 views

Rocky Linux 9 : git-lfs (RLSA-2024:2724)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2724 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining...

CVSS 7.5 | AI score 7.5 | EPSS 0.64852
Exploits 1 | References 9
Tenable Nessus
added 2024/02/29 12:0 a.m. | 32 views

CentOS 9 : swtpm-0.8.0-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the swtpm-0.8.0-1.el9 build changelog. - swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are...

AI score 7.2 | EPSS 0.0003
Exploits 0 | References 2
Tenable Nessus
added 2024/02/29 12:0 a.m. | 27 views

CentOS 9 : toolbox-0.0.99.3-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the toolbox-0.0.99.3-9.el9 build changelog. - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP heade...

CVSS 5.3 | AI score 7 | EPSS 0.00331
Exploits 0 | References 2
Tenable Nessus
added 2024/02/19 12:0 a.m. | 24 views

Amazon Linux 2 : ipa (ALAS-2024-2457)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2457 advisory. A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform...

CVSS 6.5 | AI score 6.7 | EPSS 0.00304
Exploits 0 | References 4
Fedora
added 2023/12/25 3:37 a.m. | 37 views

[SECURITY] Fedora 38 Update: mingw-gstreamer1-plugins-bad-free-1.22.7-1.fc38

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

CVSS 8.8 | AI score 7.7 | EPSS 0.07706
Exploits 0
Tenable Nessus
added 2023/12/18 12:0 a.m. | 17 views

Fedora 39 : rdiff-backup (2023-3909a0ab0e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3909a0ab0e advisory. Rebuild for pyinstall CVE-2023-49797 BZ2253844 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

CVSS 8.8 | AI score 7.7 | EPSS 0.00047
Exploits 0 | References 2
Fedora
added 2023/11/19 1:26 a.m. | 28 views

[SECURITY] Fedora 39 Update: gstreamer1-plugins-bad-free-1.22.7-1.fc39

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

CVSS 8.8 | AI score 9.2 | EPSS 0.05986
Exploits 0
Tenable Nessus
added 2023/10/18 12:0 a.m. | 37 views

Ubuntu 20.04 ESM / 22.04 LTS / 23.04 : FRR vulnerabilities (USN-6436-1)

The remote Ubuntu 20.04 ESM / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6436-1 advisory. It was discovered that the FRR did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue t...

CVSS 9.1 | AI score 6.6 | EPSS 0.00404
Exploits 0 | References 4
Tenable Nessus
added 2023/10/11 12:0 a.m. | 25 views

Juniper Junos OS Vulnerability (JSA73172)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73172 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows a unauthenticate...

CVSS 7.5 | AI score 7.5 | EPSS 0.00126
Exploits 0 | References 3
Tenable Nessus
added 2023/03/29 12:0 a.m. | 28 views

Fedora 37 : mingw-python-certifi (2023-ed525aa807)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ed525aa807 advisory. Update to 2022.12.7, fixes CVE-2022-23491. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 7.5 | AI score 6.7 | EPSS 0.00067
Exploits 0 | References 2
Tenable Nessus
added 2023/01/10 12:0 a.m. | 141 views

Google Chrome < 109.0.5414.74 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 109.0.5414.74. It is, therefore, affected by multiple vulnerabilities as referenced in the 202301stable-channel-update-for-desktop advisory. - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414....

CVSS 8.8 | AI score 7.5 | EPSS 0.00613
Exploits 0 | References 29
RedHat Linux
added 2022/04/27 7:25 a.m. | 27 views

Important: Red Hat Security Advisory: convert2rhel security update

A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 5.5 | AI score 6.1 | EPSS 0.00154
Exploits 1 | References 6
Tenable Nessus
added 2021/11/13 12:0 a.m. | 19 views

RHEL 8 : freerdp (RHSA-2021:4620)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4620 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVSS 8.8 | AI score 7.1 | EPSS 0.00459
Exploits 0 | References 6
Wired Threat Level
added 2020/02/04 6:0 p.m. | 37 views

The Iowa Caucus Tech Meltdown Is a Warning

The Iowa results will come in eventually, thanks to a paper trail. But it underscores just how much can go wrong when you lean on unnecessary, untested tech...

AI score 3.5
Exploits 0
Tenable Nessus
added 2019/08/12 12:0 a.m. | 64 views

RHEL 7 : nss, nss-softokn, nss-util, and nspr (RHSA-2019:2237)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2237 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

CVSS 7.5 | AI score 6.4 | EPSS 0.12783
Exploits 2 | References 26
Fedora
added 2016/12/09 10:31 p.m. | 22 views

[SECURITY] Fedora 25 Update: gstreamer-plugins-bad-free-0.10.23-35.fc25

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

CVSS 7.8 | AI score 2.6 | EPSS 0.03062
Exploits 1
Packet Storm
added 2016/01/06 12:0 a.m. | 36 views

D-Link DCS-931L Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 /alphapd/ def initializeinfo = superupdateinfoinfo, 'Name' = 'D-Link DCS-931L File Upload', 'Description' = %q This module exploits a...

CVSS 9 | AI score 0.2 | EPSS 0.8453
Exploits 5