IID, Inc. Security Vulnerabilities

nessus

GLSA-202406-01 : GLib: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202406-01 (GLib: Privilege Escalation) A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

7.1AI Score

0.0004EPSS

2024-06-22 12:00 AM
nessus

GLSA-202406-03 : RDoc: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202406-03 (RDoc: Remote Code Execution) A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

7.5AI Score

EPSS

2024-06-22 12:00 AM
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

7.8AI Score

0.0004EPSS

2024-06-27 12:00 AM
2
nessus

Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security...

5.9CVSS

6.6AI Score

0.01EPSS

2019-02-27 12:00 AM
30
nessus

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in....

9.8CVSS

8.3AI Score

0.921EPSS

2019-02-20 12:00 AM
58
nessus

Debian DLA-1668-1 : libarchive security update

Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in...

6.5CVSS

8.3AI Score

0.012EPSS

2019-02-08 12:00 AM
11
openvas

HESK Multiple XSS Vulnerabilities

HESK is prone to multiple cross-site scripting...

6.1AI Score

0.001EPSS

2011-08-10 12:00 AM
35
nessus

Photon OS 1.0: Curl PHSA-2018-1.0-0108

An update of the curl package has been...

9.8CVSS

7.8AI Score

0.037EPSS

2019-02-07 12:00 AM
14
nessus

Photon OS 2.0: Glibc PHSA-2018-2.0-0011-(a)

An update of the glibc package has been...

7.8CVSS

7.9AI Score

0.001EPSS

2019-02-07 12:00 AM
18
nessus

Photon OS 2.0: Glib PHSA-2018-2.0-0108

An update of the glib package has been...

9.8CVSS

9AI Score

0.023EPSS

2019-02-07 12:00 AM
11
nessus

Photon OS 1.0: Openjdk PHSA-2016-0015

An update of the openjdk package has been...

9.6CVSS

8.7AI Score

0.009EPSS

2019-02-07 12:00 AM
35
nessus

Docker Desktop < 4.5.0 Incorrect Access Control

The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.4CVSS

8.4AI Score

0.0005EPSS

2023-09-15 12:00 AM
10
nessus

Dell Client BIOS DoS (DSA-2024-168)

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...

4.7CVSS

6.8AI Score

0.0004EPSS

2024-06-21 12:00 AM
nessus

Photon OS 1.0: Freetype2 PHSA-2017-0015

An update of the freetype2 package has been...

9.8CVSS

9.6AI Score

0.014EPSS

2019-02-07 12:00 AM
26
nessus

Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2900-1)

It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has....

8.1CVSS

8.7AI Score

0.974EPSS

2016-02-17 12:00 AM
22
nessus

Debian DSA-4406-1 : waagent - security update

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...

6.5CVSS

6.5AI Score

0.003EPSS

2019-03-13 12:00 AM
16
nessus

Photon OS 2.0: Glibc PHSA-2018-2.0-0009

An update of the glibc package has been...

8.1CVSS

8.8AI Score

0.002EPSS

2019-02-07 12:00 AM
11
nessus

Photon OS 1.0: Elfutils PHSA-2018-1.0-0194

An update of the elfutils package has been...

9.8CVSS

9.7AI Score

0.01EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 2.0: Elfutils PHSA-2018-2.0-0108

An update of the elfutils package has been...

9.8CVSS

9.7AI Score

0.01EPSS

2019-02-07 12:00 AM
13
nessus

VMware Fusion 12.0.x < 12.2.0 Vulnerability (VMSA-2022-0001.2)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus

Photon OS 2.0: Libtiff PHSA-2019-2.0-0131

An update of the libtiff package has been...

8.8CVSS

8.8AI Score

0.011EPSS

2019-03-18 12:00 AM
11
nessus

Photon OS 2.0: Libsolv PHSA-2019-2.0-0136

An update of the libsolv package has been...

6.5CVSS

7AI Score

0.005EPSS

2019-03-18 12:00 AM
8
nessus

Photon OS 1.0: Curl PHSA-2019-1.0-0205

An update of the curl package has been...

9.8CVSS

7.9AI Score

0.016EPSS

2019-03-18 12:00 AM
17
nessus

Photon OS 1.0: Keepalived PHSA-2019-1.0-0212

An update of the keepalived package has been...

4.7CVSS

5.3AI Score

0.0004EPSS

2019-03-18 12:00 AM
14
nessus

Ubuntu 18.10 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3878-1)

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)...

8.8CVSS

7.3AI Score

0.001EPSS

2019-02-05 12:00 AM
36
cve

CVE-2024-23486

A plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured...

6.9AI Score

0.0004EPSS

2024-04-15 11:15 AM
29
nessus

Debian DSA-4373-1 : coturn - security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not...

9.8CVSS

9.2AI Score

0.003EPSS

2019-01-29 12:00 AM
14
nessus

Debian DSA-4394-1 : rdesktop - security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary...

9.8CVSS

9.5AI Score

0.141EPSS

2019-02-19 12:00 AM
46
nessus

Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)

The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.8CVSS

9.9AI Score

0.0004EPSS

2024-06-27 12:00 AM
1
nessus

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

4.9CVSS

6.9AI Score

0.0004EPSS

2024-06-21 12:00 AM
openvas

rpc.ypupdated RCE Vulnerability

ypupdated with...

6.5AI Score

0.548EPSS

2008-10-24 12:00 AM
17
nessus

Debian DLA-1682-1 : uriparser security update

Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. '//[::44.1', were possible. For Debian 8 'Jessie', this problem has been fixed in version 0.8.0.1-2+deb8u2......

9.8CVSS

9.6AI Score

0.003EPSS

2019-02-19 12:00 AM
13
nessus

Ubuntu 22.04 LTS / 23.04 / 23.10 : Ghostscript vulnerability (USN-6551-1)

The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6551-1 advisory. An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to...

7.5CVSS

7.5AI Score

0.001EPSS

2023-12-12 12:00 AM
7
nessus

GLSA-201903-08 : GNU Wget: Password and metadata leak

The remote host is affected by the vulnerability described in GLSA-201903-08 (GNU Wget: Password and metadata leak) A vulnerability was discovered in GNU Wget's file_metadata in xattr.c. Impact : A local attacker could obtain sensitive information to include credentials. Workaround :...

7.8CVSS

8.4AI Score

0.0004EPSS

2019-03-11 12:00 AM
8
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ADOdb vulnerabilities (USN-6825-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6825-1 advisory. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could...

9.1CVSS

7.4AI Score

0.006EPSS

2024-06-10 12:00 AM
nuclei

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.3AI Score

0.006EPSS

2022-09-18 09:08 AM
10
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...

8.1CVSS

8AI Score

0.0004EPSS

2024-06-12 12:00 AM
9
nessus

Photon OS 1.0: Libsolv PHSA-2019-1.0-0212

An update of the libsolv package has been...

6.5CVSS

7AI Score

0.005EPSS

2019-03-18 12:00 AM
9
nessus

Photon OS 2.0: Kibana PHSA-2019-2.0-0132

An update of the kibana package has been...

9.8CVSS

9.6AI Score

0.964EPSS

2019-03-18 12:00 AM
14
nessus

Photon OS 2.0: Keepalived PHSA-2019-2.0-0134

An update of the keepalived package has been...

4.7CVSS

5.3AI Score

0.0004EPSS

2019-03-18 12:00 AM
13
nessus

Debian DLA-1658-1 : phpmyadmin security update

A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin...

6.5CVSS

7AI Score

0.307EPSS

2019-02-04 12:00 AM
40
nessus

Debian DSA-4402-1 : mumble - security update

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of...

7.5CVSS

7.3AI Score

0.036EPSS

2019-03-06 12:00 AM
7
ics

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

7.5AI Score

EPSS

2024-06-27 12:00 PM
2
nessus

Debian DLA-1675-1 : python-gnupg security update

Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....

7.5CVSS

7.4AI Score

0.013EPSS

2019-02-15 12:00 AM
27
nessus

Debian DLA-1683-1 : rdesktop security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...

9.8CVSS

10AI Score

0.141EPSS

2019-02-20 12:00 AM
54
nessus

Photon OS 1.0: Binutils PHSA-2019-1.0-0203

An update of the binutils package has been...

6.5CVSS

7AI Score

0.004EPSS

2019-02-07 12:00 AM
10
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...

6.5CVSS

8AI Score

0.001EPSS

2024-06-20 12:00 AM
2
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0013

An update of the libtiff package has been...

8.8CVSS

8.1AI Score

0.005EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0169

An update of the linux package has been...

5.5CVSS

8.2AI Score

0.0004EPSS

2019-02-07 12:00 AM
11
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0188

An update of the linux package has been...

7.8CVSS

6.6AI Score

0.0004EPSS

2019-02-07 12:00 AM
26
Total number of security vulnerabilities: 288632