1app Technologies, Inc Security Vulnerabilities

nessus

Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security...

5.9CVSS

6.6AI Score

0.01EPSS

2019-02-27 12:00 AM
30
nessus

Photon OS 1.0: Binutils PHSA-2019-1.0-0203

An update of the binutils package has been...

6.5CVSS

7AI Score

0.004EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0013

An update of the libtiff package has been...

8.8CVSS

8.1AI Score

0.005EPSS

2019-02-07 12:00 AM
12
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to...

8.8CVSS

7.9AI Score

0.003EPSS

2024-06-26 12:00 AM
3
nessus

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in...

5.9CVSS

6.6AI Score

0.01EPSS

2019-03-01 12:00 AM
15
nessus

Docker Desktop < 4.5.0 Incorrect Access Control

The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.4CVSS

8.4AI Score

0.0005EPSS

2023-09-15 12:00 AM
10
nessus

OpenTelemetry Collector < 0.102.1 DoS

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue.....

8.2CVSS

7.7AI Score

0.001EPSS

2024-06-14 12:00 AM
1
nessus

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the July 2016 CPU...

7.5CVSS

7.4AI Score

0.005EPSS

2016-07-25 12:00 AM
131
cve

CVE-2024-23486

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured...

6.9AI Score

0.0004EPSS

2024-04-15 11:15 AM
29
nessus

Debian DSA-4406-1 : waagent - security update

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...

6.5CVSS

6.5AI Score

0.003EPSS

2019-03-13 12:00 AM
16
impervablog

Enhancing Security with AI: Revolutionizing Protection in the Digital Era

In the ever-evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) and Machine Learning (ML) has emerged as a transformative force. AI, with its ability to mimic human cognition and problem-solving capabilities, combined with ML's capacity to iteratively learn from...

7.1AI Score

2024-05-13 11:31 PM
13
nessus

Microsoft Paint 3D Multiple Vulnerabilities (June 2021)

The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary...

7.8CVSS

8.4AI Score

0.053EPSS

2021-06-08 12:00 AM
133
nessus

Debian DSA-4413-1 : ntfs-3g - security update

A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege...

7CVSS

7.2AI Score

0.0004EPSS

2019-03-25 12:00 AM
13
nessus

Slackware 14.2 / current : mozilla-firefox (SSA:2019-081-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security...

8.8CVSS

9.2AI Score

0.952EPSS

2019-03-25 12:00 AM
10
nessus

Debian DSA-4373-1 : coturn - security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not...

9.8CVSS

9.2AI Score

0.003EPSS

2019-01-29 12:00 AM
14
nessus

KB5012589: Windows Azure Stack HCI Security Update (April 2022)

The remote Windows host is missing security update 5012589. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...

7.6AI Score

2022-05-06 12:00 AM
9
nessus

Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)

The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, is affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.8CVSS

9.9AI Score

0.0004EPSS

2024-06-27 12:00 AM
1
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...

8.4AI Score

2024-06-28 12:00 AM
openvas

rpc.ypupdated RCE Vulnerability

ypupdated with...

6.5AI Score

0.548EPSS

2008-10-24 12:00 AM
17
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
5
nessus

Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...

9.8CVSS

8AI Score

0.002EPSS

2024-06-21 12:00 AM
3
nessus

Ubuntu 22.04 LTS / 23.04 / 23.10 : Ghostscript vulnerability (USN-6551-1)

The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6551-1 advisory. An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to...

7.5CVSS

7.5AI Score

0.001EPSS

2023-12-12 12:00 AM
7
nessus

GLSA-201903-10 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-10 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive...

5.9CVSS

6.7AI Score

0.01EPSS

2019-03-14 12:00 AM
15
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...

7.7AI Score

EPSS

2024-06-26 12:00 AM
nessus

Photon OS 1.0: Elfutils PHSA-2018-1.0-0194

An update of the elfutils package has been...

9.8CVSS

9.7AI Score

0.01EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 2.0: Elfutils PHSA-2018-2.0-0108

An update of the elfutils package has been...

9.8CVSS

9.7AI Score

0.01EPSS

2019-02-07 12:00 AM
13
nessus

Photon OS 2.0: Glibc PHSA-2018-2.0-0009

An update of the glibc package has been...

8.1CVSS

8.8AI Score

0.002EPSS

2019-02-07 12:00 AM
11
nessus

OVAL Windows Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

1.5AI Score

2015-03-24 12:00 AM
17
nessus

OVAL Linux Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

1.2AI Score

2015-03-24 12:00 AM
14
nessus

WordPress 6.0 < 6.5.5

WordPress versions 6.0 < 6.5.5 are affected by one or more...

7.3AI Score

2024-06-24 12:00 AM
12
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

8AI Score

2021-12-14 10:27 PM
10
nessus

GitLab 16.11.0 < 16.11.5 / 17.0.0 < 17.0.3 / 17.1.0 < 17.1.1 (CVE-2024-6323)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-27 12:00 AM
nessus

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158059)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158059 advisory. IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...

6.5CVSS

6.3AI Score

EPSS

2024-06-27 12:00 AM
nessus

libndp >= 1.0 Buffer Overflow

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Note that Nessus...

8.1CVSS

7.5AI Score

0.0004EPSS

2024-06-07 12:00 AM
28
nessus

Photon OS 2.0: Curl PHSA-2018-2.0-0016

An update of the curl package has been...

9.8CVSS

7.8AI Score

0.037EPSS

2019-02-07 12:00 AM
22
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...

8.1CVSS

8AI Score

0.0004EPSS

2024-06-12 12:00 AM
9
nessus

VMware vCenter Server 7.0 < 7.0U3q / 8.0 < 8.0U3 DoS (CVE-2024-37087)

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3q, or 8.0 prior to 8.0U3. It is, therefore, affected by an denial-of-service vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-28 12:00 AM
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...

6.5CVSS

8AI Score

0.001EPSS

2024-06-20 12:00 AM
2
nessus

Dell Client BIOS Improper Input Validation (DSA-2024-167)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...

5.1CVSS

6.6AI Score

0.0004EPSS

2024-06-21 12:00 AM
2
nessus

Debian DLA-1675-1 : python-gnupg security update

Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....

7.5CVSS

7.4AI Score

0.013EPSS

2019-02-15 12:00 AM
27
nessus

Photon OS 1.0: Libsolv PHSA-2019-1.0-0212

An update of the libsolv package has been...

6.5CVSS

7AI Score

0.005EPSS

2019-03-18 12:00 AM
9
nessus

Photon OS 2.0: Kibana PHSA-2019-2.0-0132

An update of the kibana package has been...

9.8CVSS

9.6AI Score

0.964EPSS

2019-03-18 12:00 AM
14
nessus

Photon OS 2.0: Keepalived PHSA-2019-2.0-0134

An update of the keepalived package has been...

4.7CVSS

5.3AI Score

0.0004EPSS

2019-03-18 12:00 AM
13
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...

8.8CVSS

8.6AI Score

0.024EPSS

2023-12-06 12:00 AM
15
nuclei

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.3AI Score

0.006EPSS

2022-09-18 09:08 AM
10
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...

7.8CVSS

7.6AI Score

EPSS

2024-05-07 12:00 AM
21
nessus

Debian DLA-1682-1 : uriparser security update

Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. '//[::44.1', were possible. For Debian 8 'Jessie', this problem has been fixed in version 0.8.0.1-2+deb8u2......

9.8CVSS

9.6AI Score

0.003EPSS

2019-02-19 12:00 AM
13
nessus

Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...

8.8CVSS

8.9AI Score

0.007EPSS

2022-04-13 12:00 AM
17
nessus

KB5011490: Windows 10 version 17784 / Azure Stack HCI Security Update (March 2022)

The remote Windows host is missing security update 5011490. It is, therefore, missing multiple undisclosed security improvements to internal...

7.5AI Score

2022-03-08 12:00 AM
9
nessus

Debian DLA-1699-1 : ldb security update

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...

6.5CVSS

6AI Score

0.007EPSS

2019-03-01 12:00 AM
10
Total number of security vulnerabilities: 308602