1app Technologies, Inc Security Vulnerabilities

Photon OS 2.0: Libtiff PHSA-2018-2.0-0048

An update of the libtiff package has been...

Photon OS 2.0: Curl PHSA-2018-2.0-0009

An update of the curl package has been...

Debian DLA-1662-1 : libthrift-java security update

It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making...

Debian DLA-1659-1 : drupal7 security update

A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...

GLSA-202406-02 : Flatpak: Sandbox Escape

The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification (CWE-295). ## Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. ## Solution Update the application Update the....

Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)

The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...

Debian DSA-4372-1 : ghostscript - security update

Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being...

Debian DSA-4375-1 : spice - security update

Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary...

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...

Photon OS 1.0: Glib PHSA-2018-1.0-0194

An update of the glib package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0110

An update of the libtiff package has been...

Photon OS 2.0: Nodejs PHSA-2018-2.0-0093

An update of the nodejs package has been...

Photon OS 2.0: Ruby PHSA-2018-2.0-0013

An update of the ruby package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0060

An update of the libtiff package has been...

Photon OS 2.0: Strongswan PHSA-2018-2.0-0075

An update of the strongswan package has been...

Photon OS 1.0: Libgcrypt PHSA-2018-1.0-0182

An update of the libgcrypt package has been...

Photon OS 1.0: Libevent PHSA-2017-0013

An update of the libevent package has been...

Photon OS 1.0: Glibc PHSA-2017-0041

An update of the glibc package has been...

Photon OS 1.0: Libxml2 PHSA-2017-0001

An update of the libxml2 package has been...

Photon OS 2.0: Unzip PHSA-2019-2.0-0126

An update of the unzip package has been...

Photon OS 1.0: Strongswan PHSA-2018-1.0-0164

An update of the strongswan package has been...

Photon OS 1.0: Librelp PHSA-2018-1.0-0129

An update of the librelp package has been...

Photon OS 1.0: Go PHSA-2018-1.0-0123

An update of the go package has been...

Photon OS 1.0: Glibc PHSA-2018-1.0-0098-(a)

An update of the glibc package has been...

Arecont Vision AV1355DN MegaDome camera Denial of Service (CVE-2013-0139)

The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

Debian DLA-1649-1 : spice security update

Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...

Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2972-1)

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687,.....

Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a)

An update of the openssl package has been...

Photon OS 1.0: Ntp PHSA-2018-1.0-0167

An update of the ntp package has been...

Debian DLA-1661-1 : mumble security update

It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...

GLSA-202406-05 : JHead: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

Debian DLA-1683-1 : rdesktop security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...

Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-a58a7e2388)

The remote host is missing an update for...

Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-3da8ed5be3)

The remote host is missing an update for...

Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-08bb549a36)

The remote host is missing an update for...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

Photon OS 1.0: Linux PHSA-2018-1.0-0169

An update of the linux package has been...

Photon OS 1.0: Linux PHSA-2018-1.0-0188

An update of the linux package has been...

Photon OS 1.0: Python3 PHSA-2018-1.0-0178

An update of the python3 package has been...

Photon OS 1.0: Python2 PHSA-2018-1.0-0178

An update of the python2 package has been...

Photon OS 1.0: Nginx PHSA-2018-1.0-0201

An update of the nginx package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0039

An update of the libtiff package has been...

Debian DLA-1650-1 : rssh security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

Debian DSA-4377-1 : rssh - security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

Photon OS 1.0: Binutils PHSA-2017-1.0-0095

An update of the binutils package has been...

Dell Client BIOS Improper Input Validation (DSA-2024-125)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...

Photon OS 1.0: Ruby PHSA-2017-0021

An update of the ruby package has been...