1app Technologies, Inc Security Vulnerabilities

nessus
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0188

An update of the linux package has been...

7.8CVSS

6.6AI Score

0.0004EPSS

2019-02-07 12:00 AM
26
nessus
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0169

An update of the linux package has been...

5.5CVSS

8.2AI Score

0.0004EPSS

2019-02-07 12:00 AM
12
nessus
nessus

Debian DLA-1683-1 : rdesktop security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...

9.8CVSS

10AI Score

0.141EPSS

2019-02-20 12:00 AM
54
nessus
nessus

VMware Fusion 12.0.x < 12.2.0 Vulnerability (VMSA-2022-0001.2)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus
nessus

Debian DSA-4384-1 : libgd2 - security update

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is...

9.8CVSS

9.7AI Score

0.714EPSS

2019-02-05 12:00 AM
47
nessus
nessus

Ubuntu 18.10 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3878-1)

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)...

8.8CVSS

7.3AI Score

0.001EPSS

2019-02-05 12:00 AM
36
nessus
nessus

Debian DLA-1668-1 : libarchive security update

Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in...

6.5CVSS

8.3AI Score

0.012EPSS

2019-02-08 12:00 AM
11
nessus
nessus

Docker Desktop < 4.5.0 Incorrect Access Control

The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.4CVSS

8.4AI Score

0.0005EPSS

2023-09-15 12:00 AM
10
nessus
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0013

An update of the libtiff package has been...

8.8CVSS

8.1AI Score

0.005EPSS

2019-02-07 12:00 AM
13
nessus
nessus

Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)

The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.8CVSS

9.9AI Score

0.0004EPSS

2024-06-27 12:00 AM
2
nessus
nessus

Photon OS 2.0: Redis PHSA-2018-2.0-0070

An update of the redis package has been...

9.8CVSS

8.5AI Score

0.02EPSS

2019-02-07 12:00 AM
10
nessus
nessus

Photon OS 2.0: Nginx PHSA-2019-2.0-0117

An update of the nginx package has been...

7.5CVSS

6.7AI Score

0.084EPSS

2019-02-07 12:00 AM
26
nessus
nessus

Photon OS 2.0: Openssh PHSA-2019-2.0-0126

An update of the openssh package has been...

5.3CVSS

6.3AI Score

0.024EPSS

2019-02-07 12:00 AM
46
nessus
nessus

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs could affect the availability of Kibana by uploading a...

4.9CVSS

6.9AI Score

0.0004EPSS

2024-06-21 12:00 AM
nessus
nessus

Debian DSA-4373-1 : coturn - security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not...

9.8CVSS

9.2AI Score

0.003EPSS

2019-01-29 12:00 AM
14
nessus
nessus

VMware vCenter Server 7.0 < 7.0U3q / 8.0 < 8.0U3 DoS (CVE-2024-37087)

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3q, or 8.0 prior to 8.0U3. It is, therefore, affected by a denial-of-service vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-28 12:00 AM
2
nessus
nessus

Debian DLA-1681-1 : gsoap security update

It was discovered that there was a denial of service vulnerability in gsoap, a C/C++ language binding used for SOAP-based web services. For Debian 8 'Jessie', this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend that you upgrade your gsoap packages. Thanks to Mattias Ellert...

8.1CVSS

8AI Score

0.002EPSS

2019-02-19 12:00 AM
24
nessus
nessus

Debian DSA-4402-1 : mumble - security update

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of...

7.5CVSS

7.3AI Score

0.036EPSS

2019-03-06 12:00 AM
7
nessus
nessus

Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2900-1)

It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has....

8.1CVSS

8.7AI Score

0.974EPSS

2016-02-17 12:00 AM
23
nessus
nessus

Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security...

5.9CVSS

6.6AI Score

0.01EPSS

2019-02-27 12:00 AM
31
nessus
nessus

WordPress 6.0 < 6.5.5

WordPress versions 6.0 < 6.5.5 are affected by one or more...

7.3AI Score

2024-06-24 12:00 AM
13
nessus
nessus

Photon OS 1.0: Libxml2 PHSA-2017-0024

An update of the libxml2 package has been...

7.5CVSS

7.6AI Score

0.003EPSS

2019-02-07 12:00 AM
14
nessus
nessus

Microsoft Paint 3D Multiple Vulnerabilities (June 2021)

The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary...

7.8CVSS

8.4AI Score

0.053EPSS

2021-06-08 12:00 AM
133
nessus
nessus

Dell Client BIOS Improper Input Validation (DSA-2024-167)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...

5.1CVSS

6.6AI Score

0.0004EPSS

2024-06-21 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

8.7CVSS

8.1AI Score

0.024EPSS

2024-05-09 12:00 AM
4
nessus
nessus

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in...

5.9CVSS

6.6AI Score

0.01EPSS

2019-03-01 12:00 AM
16
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6549-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6549-4 advisory. An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in...

8.8CVSS

8.5AI Score

0.024EPSS

2024-01-05 12:00 AM
9
nessus
nessus

Debian DSA-4396-1 : ansible - security update

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...

7.8CVSS

6.8AI Score

0.003EPSS

2019-02-20 12:00 AM
63
nessus
nessus

Photon OS 1.0: Binutils PHSA-2019-1.0-0203

An update of the binutils package has been...

6.5CVSS

7AI Score

0.004EPSS

2019-02-07 12:00 AM
10
nessus
nessus

Photon OS 2.0: Curl PHSA-2018-2.0-0016

An update of the curl package has been...

9.8CVSS

7.8AI Score

0.037EPSS

2019-02-07 12:00 AM
22
oraclelinux
oraclelinux

libreoffice security fix update

[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...

8.8CVSS

6.6AI Score

0.001EPSS

2024-03-28 12:00 AM
7
nessus
nessus

Debian DLA-1703-1 : jackson-databind security update

Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...

9.8CVSS

9.8AI Score

0.049EPSS

2019-03-05 12:00 AM
20
nessus
nessus

VMware Workstation 16.0.x < 16.2.1 Multiple Vulnerabilities (VMSA-2022-0004)

The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8CVSS

7AI Score

0.001EPSS

2022-02-18 12:00 AM
27
nessus
nessus

Photon OS 1.0: Elfutils PHSA-2018-1.0-0194

An update of the elfutils package has been...

9.8CVSS

9.7AI Score

0.01EPSS

2019-02-07 12:00 AM
12
nessus
nessus

Photon OS 2.0: Elfutils PHSA-2018-2.0-0108

An update of the elfutils package has been...

9.8CVSS

9.7AI Score

0.01EPSS

2019-02-07 12:00 AM
13
nessus
nessus

Photon OS 2.0: Glibc PHSA-2018-2.0-0009

An update of the glibc package has been...

8.1CVSS

8.8AI Score

0.002EPSS

2019-02-07 12:00 AM
11
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

8AI Score

0.0004EPSS

2024-06-19 12:00 AM
1
nessus
nessus

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : MariaDB vulnerability (USN-6839-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6839-1 advisory. A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been...

4.9CVSS

7AI Score

0.0005EPSS

2024-06-19 12:00 AM
4
nessus
nessus

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

8.7CVSS

8.1AI Score

0.024EPSS

2024-05-09 12:00 AM
4
nessus
nessus

Photon OS 2.0: Libsolv PHSA-2019-2.0-0136

An update of the libsolv package has been...

6.5CVSS

7AI Score

0.005EPSS

2019-03-18 12:00 AM
8
nessus
nessus

Photon OS 1.0: Curl PHSA-2019-1.0-0205

An update of the curl package has been...

9.8CVSS

7.9AI Score

0.016EPSS

2019-03-18 12:00 AM
17
nessus
nessus

Photon OS 1.0: Keepalived PHSA-2019-1.0-0212

An update of the keepalived package has been...

4.7CVSS

5.3AI Score

0.0004EPSS

2019-03-18 12:00 AM
14
nessus
nessus

Photon OS 2.0: Libtiff PHSA-2019-2.0-0131

An update of the libtiff package has been...

8.8CVSS

8.8AI Score

0.011EPSS

2019-03-18 12:00 AM
12
nessus
nessus

GLSA-201903-11 : XRootD: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201903-11 (XRootD: Remote code execution) A shell command injection was discovered in XRootD. Impact : A remote attacker could execute arbitrary code. Workaround : There is no known workaround at this...

9.8CVSS

10AI Score

0.036EPSS

2019-03-14 12:00 AM
8
nessus
nessus

Debian DSA-4406-1 : waagent - security update

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...

6.5CVSS

6.5AI Score

0.003EPSS

2019-03-13 12:00 AM
16
nessus
nessus

Debian DLA-1651-1 : libgd2 security update

Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....

9.8CVSS

9.3AI Score

0.714EPSS

2019-01-31 12:00 AM
29
nessus
nessus

Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)

According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

3.8CVSS

4.2AI Score

0.0004EPSS

2024-06-21 12:00 AM
4
nessus
nessus

Debian DLA-1675-1 : python-gnupg security update

Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....

7.5CVSS

7.4AI Score

0.013EPSS

2019-02-15 12:00 AM
28
nessus
nessus

Debian DLA-1653-1 : postgis security update

It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or possibly other unspecified behaviour. For Debian 8 'Jessie', this...

7.5CVSS

7.7AI Score

0.005EPSS

2019-02-01 12:00 AM
18
nessus
nessus

Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)

An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...

9.8CVSS

8AI Score

0.002EPSS

2024-06-21 12:00 AM
3
Total number of security vulnerabilities: 308654