1app Technologies, Inc Security Vulnerabilities

Fedora 29 : tmux (2018-e5e93f4c7b)

fixes rhbz #1652128 and #1652127 - CVE-2018-19387 tmux: NULL pointer Dereference in format_cb_pane_tabs in format.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...

Ivanti Endpoint Manager < 2022 SU4 Privilege Escalation (SA-2023-06-20)

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a...

Ollama < 0.1.34 Improper Input Validation

The version of Ollama installed on the remote host is prior to 0.1.34. It is, therefore, affected by an improper input validation vulnerability. Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the...

GLSA-201903-09 : GNU C Library: Arbitrary descriptor allocation

The remote host is affected by the vulnerability described in GLSA-201903-09 (GNU C Library: Arbitrary descriptor allocation) A vulnerability was discovered in the GNU C Library functions xdr_bytes and xdr_string. Impact : A remote attacker, by sending a crafted UDP packet, could cause a...

Photon OS 1.0: Perl PHSA-2019-1.0-0212

An update of the perl package has been...

Photon OS 2.0: Binutils PHSA-2019-2.0-0134

An update of the binutils package has been...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...

Fedora 28 : xen (2018-d3cb6f113c)

Speculative register leakage from lazy FPU context switching [XSA-267, CVE-2018-3665] fix for change in iasl output Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

Fedora 29 : icu (2018-db05d9982f)

Security fix for CVE-2018-18928 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora 29 : udisks2 (2018-f0ce9a3a35)

Security fix for CVE-2018-17336 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora 28 : libcgroup (2018-f6adf1cb62)

Fix for CVE-2018-14348. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora 28 : vcftools (2018-ea05fcd378)

Update to latest upstream release 0.1.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora 29 : adplug (2018-de3a0ba76e)

Fix double-free in CEmuopl::~CEmuopl() (#1635881, CVE-2018-17825) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 28 : glusterfs (2018-e048a4ef13)

Security fix for CVE-2018-1088 (Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

Fedora 29 : mosquitto (2018-f80b495582)

Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL RTSE ISAKMP ENIP An attacker could cause Wireshark to crash by injecting a...

KB5011490: Windows 10 version 17784 / Azure Stack HCI Security Update (March 2022)

The remote Windows host is missing security update 5011490. It is, therefore, missing multiple undisclosed security improvements to internal...

Debian DLA-1690-1 : liblivemedia security update

Multiple vulnerabilities have been discovered in liblivemedia, the LIVE555 RTSP server library : CVE-2019-6256 liblivemedia servers with RTSP-over-HTTP tunneling enabled are vulnerable to an invalid function pointer dereference. This issue might happen during error handling when processing two GET....

VMware Fusion 12.0.x < 12.2.1 Multiple Vulnerabilities (VMSA-2022-0004)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

Debian DLA-1671-1 : coturn security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily...

Debian dla-3846 : libmojolicious-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...

Debian dsa-5718 : elpa-org - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5718-1 [email protected] ...

Debian DLA-1644-1 : policykit-1 security update

Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges : CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit...

Debian DLA-1670-1 : ghostscript security update

Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For Debian 8 'Jessie', this problem has...

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...

Debian DSA-4407-1 : xmltooling - security update

Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using...

GitLab 16.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3115)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...

Fedora 29 : gnupg2 (2019-75a8da28f0)

Minor update to upstream version 2.2.12 fixing moderate security issue and other bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

Wireshark 2.6.x < 2.6.6 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is 2.6.x prior to 2.6.6. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: 6LoWPAN P_MUL RTSE ISAKMP An attacker could cause Wireshark to crash by injecting...

ManageEngine OpManager XSS (CVE-2024-36038)

A cross-side scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.234. A attacker can use this vulnerability to alter the intended functionality of the proxy server, potentially leading to credentials disclosure within a trusted session. Note that Nessus...

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

Debian DSA-4401-1 : wordpress - security update

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by...

Golang < 1.21.11, 1.22.x < 1.22.4 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.21.11 or 1.22.x prior to 1.22.4. It is, therefore, is affected by multiple vulnerabilities: archive/zip: mishandling of corrupt central directory record allows for the insertion of code and contents depending on the...

Debian DLA-1699-1 : ldb security update

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...

Debian DLA-1693-1 : gpac security update

Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all buffer overflows in different functions all over the package. For Debian 8 'Jessie', these problems have been fixed in version...

Debian DSA-3531-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling...

Kibana 8.6.3 < 8.14 (ESA-2024-15)

The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...

Fedora 28 : gnutls (2019-1a0d4443f8)

Added explicit Requires for nettle &gt;= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Debian DSA-4389-1 : libu2f-host - security update

Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM.....

Photon OS 2.0: Linux PHSA-2018-2.0-0073

An update of the linux package has been...

Photon OS 1.0: Binutils PHSA-2018-1.0-0154

An update of the binutils package has been...

Photon OS 1.0: Linux PHSA-2017-0028

An update of the linux package has been...

Debian DLA-1633-1 : sqlite3 security update

Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of.....

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies,...

Debian DSA-4397-1 : ldb - security update

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of...

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5560-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5560-2 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...

Photon OS 1.0: Linux PHSA-2017-0019

An update of the linux package has been...

Debian DSA-4415-1 : passenger - security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...

Debian DLA-1717-1 : rdflib security update

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...

openSUSE Security Update : pdns-recursor (openSUSE-2019-100)

This update for pdns-recursor fixes the following issues : CVE-2019-3807: Fixed insufficient validation of DNSSEC signatures...