1app Technologies, Inc Security Vulnerabilities

nessus

Fedora 28 : moodle (2018-f4910a3260)

CVE-2018-16854 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS

7.5AI Score

0.009EPSS

2019-01-03 12:00 AM
8
nessus

Fedora 28 : glusterfs (2018-d873767641)

4.1.1 GA, security fix for CVE-2018-10841 4.1.0 GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS

7.6AI Score

0.002EPSS

2019-01-03 12:00 AM
7
nessus

Fedora 28 : 1:libvorbis (2018-def329f680)

libvorbis 1.3.6. Fixes CVE-2018-5146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS

8AI Score

0.38EPSS

2019-01-03 12:00 AM
28
nessus

Fedora 29 : 1:gitolite3 (2018-d0bac4ff3b)

3.6.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.1CVSS

8AI Score

0.001EPSS

2019-01-03 12:00 AM
5
nessus

Fedora 28 : setup (2018-f47268acd5)

don't list nologin in /etc/shells (#1378893) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.3CVSS

5.5AI Score

0.001EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : libsoup (2018-fb2afee474)

This update backports an upstream fix for CVE-2018-12910. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS

8.8AI Score

0.006EPSS

2019-01-03 12:00 AM
20
nessus

Fedora 29 : rubygem-loofah (2018-d5fcbb9ca6)

Update to Loofah 2.2.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.4CVSS

6AI Score

0.001EPSS

2019-01-03 12:00 AM
9
nessus

Fedora 29 : exempi (2018-d8824aeec5)

Fix for CVE-2018-12648. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5CVSS

7.5AI Score

0.003EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : nettle (2018-f7d9989c42)

Security fix for CVE-2018-16869 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.7CVSS

5.6AI Score

0.001EPSS

2019-01-03 12:00 AM
15
nessus

GLSA-201903-06 : rdesktop: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-06 (rdesktop: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in rdesktop. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of...

9.8CVSS

9.8AI Score

0.141EPSS

2019-03-11 12:00 AM
11
nessus

GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201903-02 (Zsh: User-assisted execution of arbitrary code) Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the...

9.8CVSS

8.3AI Score

0.007EPSS

2019-03-11 12:00 AM
14
nessus

Debian DSA-463-1 : samba - privilege escalation

Samba, a LanManager-like file and printer server for Unix, was found to contain a vulnerability whereby a local user could use the 'smbmnt' utility, which is setuid root, to mount a file share from a remote server which contained setuid programs under the control of the user. These programs could.....

6.8AI Score

0.0004EPSS

2004-09-29 12:00 AM
8
nessus

IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 Identity Spoofing (7158031)

The version of IBM WebSphere Application Server running on the remote host is affected by an identity spoofing vulnerability as referenced in the 7158031 advisory. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature...

8.8CVSS

8.6AI Score

0.0004EPSS

2024-06-20 12:00 AM
4
nessus

Fedora 28 : bouncycastle (2018-e6894349c9)

Security fix for CVE-2018-1000613 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS

8.7AI Score

0.006EPSS

2019-01-03 12:00 AM
21
nessus

Fedora 28 : dnsdist (2018-ef486b9e50)

Security fix for CVE-2018-14663 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.9CVSS

6.1AI Score

0.002EPSS

2019-01-03 12:00 AM
11
nessus

Fedora 28 : wesnoth (2018-dc339c6534)

Fix for CVE-2018-1999023, other bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS

8.7AI Score

0.002EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : slurm (2018-d54c4f6452)

Security fix for CVE-2018-10995 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.3CVSS

7.5AI Score

0.003EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 29 : python2 (2018-ee97fc9e81)

Security fix for CVE-2018-14647 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5CVSS

7AI Score

0.006EPSS

2019-01-03 12:00 AM
21
nessus

Fedora 28 : ntp (2018-e585e25b72)

Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.3CVSS

8AI Score

0.034EPSS

2019-01-03 12:00 AM
16
nessus

Fedora 28 : elfutils (2018-f91531043d)

DWARF5 and split dwarf, including GNU DebugFission, support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

7.8CVSS

7.6AI Score

0.001EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : 1:gitolite3 (2018-dc060c6f2a)

3.6.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.1CVSS

8AI Score

0.001EPSS

2019-01-03 12:00 AM
9
nessus

Fedora 28 : rubygem-loofah (2018-d716df9942)

XSS when a crafted SVG element is republished (CVE-2018-16468). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.4CVSS

5.7AI Score

0.001EPSS

2019-01-03 12:00 AM
13
nessus

Fedora 28 : libidn (2018-f749c70191)

Update to the latest upstream release, which fixes CVE-2017-14062. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8CVSS

9.9AI Score

0.006EPSS

2019-01-03 12:00 AM
9
nessus

Fedora 28 : soundtouch (2018-f4f75985b8)

Security fix for CVE-2018-14044, CVE-2018-14045 and CVE-2018-1000223 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

8.8CVSS

8.2AI Score

0.002EPSS

2019-01-03 12:00 AM
9
nessus

Fedora 29 : gettext (2018-d6211abfb0)

fix CVE-2018-18751 (rhbz#1647044), move gettextize man to correct subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

9.8CVSS

9.7AI Score

0.027EPSS

2019-01-03 12:00 AM
13
nessus

Fedora 29 : liblouis (2018-e470c7f387)

Security fix for CVE-2018-17294 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

6.5CVSS

6.8AI Score

0.002EPSS

2019-01-03 12:00 AM
15
nessus

Debian DLA-1687-1 : sox security update

Mike Salvatore discovered that the fixes for these heap-based buffer overflows had not been properly applied in the Debian package. For Debian 8 'Jessie', this problem has been fixed in version 14.4.1-5+deb8u1. We recommend that you upgrade your sox packages. NOTE: Tenable Network Security has...

5.5AI Score

0.019EPSS

2019-02-25 12:00 AM
11
nessus

Debian DLA-1691-1 : exiv2 security update

Several issues have been found in exiv2, an EXIF/IPTC/XMP metadata manipulation tool. CVE-2018-17581 A stack overflow due to a recursive function call causing excessive stack consumption which leads to denial of service. CVE-2018-19107 A heap based buffer over-read caused by an integer overflow...

6.5CVSS

7.6AI Score

0.009EPSS

2019-02-27 12:00 AM
14
ics

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...

7.1AI Score

EPSS

2024-06-27 12:00 PM
2
nessus

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95975)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95975 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users...

6.5AI Score

0.0004EPSS

2024-06-27 12:00 AM
3
nessus

Fedora 29 : mod_perl (2018-f6a5b71464)

This release fixes CVE-2011-2767 vulnerability (an arbitrary Perl code execution in the context of the httpd server) by disabling sections in non-server-level configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

9.8CVSS

9.7AI Score

0.008EPSS

2019-01-03 12:00 AM
8
nessus

Fedora 28 : ruby (2018-dd8162c004)

Rebase to Ruby 2.5.1. Several CVE fixes. Conflict requirement needs to generate dependency. Stop using --with-setjmp-type=setjmp on aarch64. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

9.1CVSS

7.2AI Score

0.007EPSS

2019-01-03 12:00 AM
21
nessus

IBM DB2 DoS (7145726) (Windows)

According to its self-reported version number, IBM Db2 on Windows is vulnerable to a denial of service by an authenticated user using a specially crafted query. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-07 12:00 AM
4
nessus

Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...

8.8CVSS

8.9AI Score

0.007EPSS

2022-04-13 12:00 AM
17
nessus

Progress MOVEit Transfer 2023.0.x < 2023.0.11 / 2023.1.x < 2023.1.6 / 2024.0.x < 2024.0.2 Authentication Bypass (June 2024)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead.....

9.1CVSS

9.6AI Score

0.0004EPSS

2024-06-26 12:00 AM
4
nessus

Google Chrome < 126.0.6478.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...

6.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
9
nessus

Google Chrome < 126.0.6478.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...

8.8CVSS

9.4AI Score

0.001EPSS

2024-06-18 12:00 AM
22
nessus

Atlassian JIRA Service Desk < 4.20.25 / 5.3.x < 5.4.9 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14007)

The version of Atlassian JIRA Service Desk Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14007 advisory. The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in...

7.7CVSS

7.9AI Score

0.002EPSS

2023-09-20 12:00 AM
30
nessus

GitLab 16.9 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-2191)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge...

5.3CVSS

5.5AI Score

0.0005EPSS

2024-06-27 12:00 AM
nessus

GitLab 1.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-4557)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Multiple Denial of Service (DoS) conditions have been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-27 12:00 AM
1
nessus

Fedora 28 : mingw-nettle (2019-01afc2352f)

Resolves CVE-2018-16869 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.7CVSS

5.6AI Score

0.001EPSS

2019-01-14 12:00 AM
28
nessus

Ivanti Endpoint Manager < 2022 (CVE-2024-22058)

The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus

Debian DSA-4367-1 : systemd - security update

The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocations using the alloca function (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could...

7.8CVSS

7.5AI Score

0.0004EPSS

2019-01-14 12:00 AM
27
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apport vulnerabilities (USN-5427-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5427-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8CVSS

6.1AI Score

0.0004EPSS

2022-05-17 12:00 AM
17
nessus

GitLab 12.0 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-06-27 12:00 AM
2
nessus

Wireshark 2.4.x < 2.4.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is 2.4.x prior to 2.4.12. It is, therefore, affected by multiple denial of service vulnerabilities in the following protocol dissectors: P_MUL, RTSE, ISAKMP, ENIP. An attacker could cause Wireshark to crash by injecting a...

5.5CVSS

6.1AI Score

0.004EPSS

2019-01-11 12:00 AM
21
nessus

KB5001028: Windows 10 version 1909 OOB Security Update (Feb 2021)

The remote Windows host is missing a security update. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.5AI Score

2021-04-26 12:00 AM
16
nessus

Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)

A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording (NVR) devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...

9.8CVSS

7.4AI Score

0.003EPSS

2024-06-26 12:00 AM
1
nessus

Fedora 28 : krb5 (2019-ac7e19b0c8)

Improve memset hygiene in one location. Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) Note that Tenable Network Security has extracted the...

5.3CVSS

5.7AI Score

0.003EPSS

2019-01-11 12:00 AM
25
nessus

Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)

In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,....

7.1AI Score

EPSS

2024-06-14 12:00 AM
18
Total number of security vulnerabilities: 308653