IID, Inc. Security Vulnerabilities

Photon OS 2.0: Curl PHSA-2018-2.0-0096

An update of the curl package has been...

Photon OS 1.0: Libevent PHSA-2017-0013

An update of the libevent package has been...

Ubuntu 20.04 LTS / 22.04 LTS : matio vulnerability (USN-6829-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6829-1 advisory. It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service. ...

Photon OS 1.0: Glibc PHSA-2017-0041

An update of the glibc package has been...

Photon OS 1.0: Libxml2 PHSA-2017-0001

An update of the libxml2 package has been...

Debian DSA-4380-1 : golang-1.8 - security update

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in 'go get', which could result in the execution of arbitrary shell...

Arecont Vision AV1355DN MegaDome camera Denial of Service (CVE-2013-0139)

The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Debian DSA-4399-1 : ikiwiki - security update

Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of...

Debian DLA-1649-1 : spice security update

Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...

Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2972-1)

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687,.....

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a)

An update of the openssl package has been...

Photon OS 1.0: Ntp PHSA-2018-1.0-0167

An update of the ntp package has been...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

GLSA-202406-05 : JHead: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

Debian DLA-1661-1 : mumble security update

It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...

Photon OS 1.0: Systemd PHSA-2017-0044

An update of the systemd package has been...

Photon OS 1.0: Ruby PHSA-2017-0029

An update of the ruby package has been...

Photon OS 1.0: Rsyslog PHSA-2017-0030

An update of the rsyslog package has been...

Photon OS 1.0: Python3 PHSA-2018-1.0-0178

An update of the python3 package has been...

Photon OS 1.0: Python2 PHSA-2018-1.0-0178

An update of the python2 package has been...

CVE-2024-26023

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS...

Photon OS 1.0: Nginx PHSA-2018-1.0-0201

An update of the nginx package has been...

Photon OS 2.0: Libtiff PHSA-2018-2.0-0039

An update of the libtiff package has been...

Photon OS 1.0: Binutils PHSA-2017-1.0-0095

An update of the binutils package has been...

Photon OS 2.0: Openssl PHSA-2018-2.0-0010-(a)

An update of the openssl package has been...

Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...

Photon OS 1.0: Ruby PHSA-2017-0021

An update of the ruby package has been...

GLSA-202406-04 : LZ4: Memory Corruption

The remote host is affected by the vulnerability described in GLSA-202406-04 (LZ4: Memory Corruption) An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an...

Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-174-01)

The version of emacs installed on the remote host is prior to 29.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-174-01 advisory. New emacs packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

Debian DLA-1692-1 : phpmyadmin security update

An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. When the AllowArbitraryServer configuration setting is set to false (default), the attacker.....

Debian DLA-1686-1 : freedink-dfarc security update

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the user's system. For Debian 8 'Jessie', this problem has been fixed in version 3.12-1+deb8u1......

Debian DSA-2929-1 : ruby-actionpack-3.2 - security update

Several vulnerabilities were discovered in Action Pack, a component of Ruby on Rails. CVE-2014-0081 actionview/lib/action_view/helpers/number_helper.rb contains multiple cross-site scripting vulnerabilities CVE-2014-0082 actionpack/lib/action_view/template/text.rb performs ...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked...

Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6573-1)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6573-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num...

Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

GLSA-202406-01 : GLib: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202406-01 (GLib: Privilege Escalation) A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

GLSA-202406-03 : RDoc: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202406-03 (RDoc: Remote Code Execution) A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

Photon OS 2.0: Unzip PHSA-2019-2.0-0126

An update of the unzip package has been...

Photon OS 1.0: Strongswan PHSA-2018-1.0-0164

An update of the strongswan package has been...

Photon OS 1.0: Librelp PHSA-2018-1.0-0129

An update of the librelp package has been...

Photon OS 1.0: Go PHSA-2018-1.0-0123

An update of the go package has been...

Photon OS 1.0: Glibc PHSA-2018-1.0-0098-(a)

An update of the glibc package has been...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security...

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in....

Debian DLA-1668-1 : libarchive security update

Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in...

HESK Multiple XSS Vulnerabilities

HESK is prone to multiple cross-site scripting...