IID, Inc. Security Vulnerabilities

Photon OS 2.0: Go PHSA-2018-2.0-0034

An update of the go package has been...

Photon OS 1.0: Ruby PHSA-2018-1.0-0100

An update of the ruby package has been...

Photon OS 1.0: Go PHSA-2018-1.0-0117

An update of the go package has been...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : snapd vulnerability (USN-4728-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4728-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

Photon OS 2.0: Binutils PHSA-2018-2.0-0021

An update of the binutils package has been...

Photon OS 1.0: Curl PHSA-2018-1.0-0186

An update of the curl package has been...

Photon OS 1.0: Perl PHSA-2018-1.0-0175

An update of the perl package has been...

Photon OS 1.0: Freetype2 PHSA-2018-1.0-0148

An update of the freetype2 package has been...

Photon OS 1.0: Pycrypto PHSA-2018-1.0-0126

An update of the pycrypto package has been...

Photon OS 1.0: Net PHSA-2018-1.0-0126

An update of the net package has been...

Photon OS 2.0: Libgcrypt PHSA-2018-2.0-0091

An update of the libgcrypt package has been...

Photon OS 2.0: Strongswan PHSA-2018-2.0-0086

An update of the strongswan package has been...

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca...

Photon OS 1.0: Systemd PHSA-2017-0041

An update of the systemd package has been...

Photon OS 1.0: Tcpdump PHSA-2017-0033

An update of the tcpdump package has been...

Debian DSA-4382-1 : rssh - security update

Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of...

Photon OS 2.0: Shadow PHSA-2018-2.0-0080

An update of the shadow package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0048

An update of the libtiff package has been...

Photon OS 2.0: Curl PHSA-2018-2.0-0009

An update of the curl package has been...

Dell Client BIOS Incorrect Authorization (DSA-2024-122)

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. Note that Nessus has not tested for this issue but has instead relied.....

Photon OS 2.0: Rsync PHSA-2018-2.0-0009

An update of the rsync package has been...

Photon OS 1.0: Redis PHSA-2018-1.0-0156

An update of the redis package has been...

Photon OS 1.0: Rsync PHSA-2018-1.0-0096

An update of the rsync package has been...

Ubuntu 20.04 LTS : Git vulnerability (USN-6793-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6793-2 advisory. USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

Debian DLA-1662-1 : libthrift-java security update

It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making...

Debian DLA-1659-1 : drupal7 security update

A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...

Debian DLA-1656-1 : agg security update

A stack overflow vulnerability was discovered in AGG, the AntiGrain Geometry graphical toolkit, that may lead to code execution if a malformed file is processed. Since AGG only provides a static library, the desmume and exactimage packages were rebuilt against the latest security update. For...

Debian DSA-4379-1 : golang-1.7 - security update

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell...

Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)

The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...

Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a)

An update of the openssl package has been...

Photon OS 1.0: Ntp PHSA-2018-1.0-0167

An update of the ntp package has been...

GLSA-202406-02 : Flatpak: Sandbox Escape

The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

Photon OS 1.0: Ruby PHSA-2017-0037

An update of the ruby package has been...

Photon OS 1.0: Pycrypto PHSA-2017-0026

An update of the pycrypto package has been...

Photon OS 1.0: Openssh PHSA-2016-0014

An update of the openssh package has been...

Photon OS 1.0: Glib PHSA-2018-1.0-0194

An update of the glib package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0110

An update of the libtiff package has been...

Photon OS 2.0: Nodejs PHSA-2018-2.0-0093

An update of the nodejs package has been...

Debian DLA-1649-1 : spice security update

Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...

Debian DLA-1661-1 : mumble security update

It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...

Debian DSA-4406-1 : waagent - security update

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...

CVE-2024-2334

The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author....

Photon OS 2.0: Strongswan PHSA-2018-2.0-0075

An update of the strongswan package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0060

An update of the libtiff package has been...

Photon OS 2.0: Ruby PHSA-2018-2.0-0013

An update of the ruby package has been...

Photon OS 1.0: Libgcrypt PHSA-2018-1.0-0182

An update of the libgcrypt package has been...

Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...