IID, Inc. Security Vulnerabilities

Photon OS 1.0: Elfutils PHSA-2018-1.0-0194

An update of the elfutils package has been...

Photon OS 2.0: Elfutils PHSA-2018-2.0-0108

An update of the elfutils package has been...

Photon OS 2.0: Glibc PHSA-2018-2.0-0009

An update of the glibc package has been...

Ivanti Endpoint Manager < 2022 SU3 Privilege Escalation (SA-2023-06-06)

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...

OVAL Windows Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

OVAL Linux Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...

Debian DSA-4396-1 : ansible - security update

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...

Debian DLA-1703-1 : jackson-databind security update

Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory. It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker...

Debian DLA-1675-1 : python-gnupg security update

Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase.....

Photon OS 1.0: Libsolv PHSA-2019-1.0-0212

An update of the libsolv package has been...

Photon OS 2.0: Kibana PHSA-2019-2.0-0132

An update of the kibana package has been...

Photon OS 2.0: Keepalived PHSA-2019-2.0-0134

An update of the keepalived package has been...

Debian DLA-1702-1 : advancecomp security update

Several vulnerabilities were discovered in advancecomp, a collection of recompression utilities. CVE-2018-1056 Joonun Jang discovered that the advzip tool was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial of service (application crash) or other unspecified...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode...

Photon OS 1.0: Perl PHSA-2019-1.0-0212

An update of the perl package has been...

Photon OS 2.0: Binutils PHSA-2019-2.0-0134

An update of the binutils package has been...

Debian DLA-1682-1 : uriparser security update

Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986. An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. '//[::44.1', were possible. For Debian 8 'Jessie', this problem has been fixed in version 0.8.0.1-2+deb8u2......

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A ...

Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for...

Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)

According to MMSA-2024-00326, Mattermost Desktop App versions &lt;= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

GLSA-201903-09 : GNU C Library: Arbitrary descriptor allocation

The remote host is affected by the vulnerability described in GLSA-201903-09 (GNU C Library: Arbitrary descriptor allocation) A vulnerability was discovered in the GNU C Library functions xdr_bytes and xdr_string. Impact : A remote attacker, by sending a crafted UDP packet, could cause a...

Debian DLA-1699-1 : ldb security update

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service. For Debian 8 'Jessie', this problem has been fixed in version 2:1.1.20-0+deb8u2. We recommend that you upgrade your ldb packages. NOTE: Tenable...

Debian DLA-1693-1 : gpac security update

Several issues have been found by different authors in gpac, an Open Source multimedia framework for research and academic purposes. The issues are basically all buffer overflows in different functions all over the package. For Debian 8 'Jessie', these problems have been fixed in version...

Debian DSA-3531-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling...

Debian DLA-1651-1 : libgd2 security update

Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image....

Photon OS 2.0: Glibc PHSA-2019-2.0-0134

An update of the glibc package has been...

Debian DSA-4407-1 : xmltooling - security update

Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using...

Debian DLA-1653-1 : postgis security update

It was found that the function ST_AsX3D in PostGIS, a module that adds spatial objects to the PostgreSQL object-relational database, did not handle empty values properly, allowing malicious users to cause denial of service or possibly other unspecified behaviour. For Debian 8 'Jessie', this...

GLSA-201903-15 : NTP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition,...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libcdio vulnerability (USN-6855-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...

Atlassian JIRA < 7.6.7 / 7.7.x < 7.11.0 Information Disclosure

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by an information disclosure vulnerability due to webhook events being sent improperly due to issues in the related JQL...

Photon OS 1.0: Linux PHSA-2017-0011

An update of the linux package has been...

Debian DSA-4385-1 : dovecot - security update

halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else.....

Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5582-1 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory. Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the...

Debian dsa-5715 : composer - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5715 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected] ...

RHEL 6 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcs: Cross-Site Request Forgery in web UI (CVE-2016-0720) Session fixation vulnerability in pcsd in pcs...

Photon OS 1.0: Linux PHSA-2018-1.0-0132

An update of the linux package has been...

Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)

Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...

ZZZCMS 1.6.1 - Remote Code Execution

ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

GLSA-201903-01 : Keepalived: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-01 (Keepalived: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially...

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

Debian dsa-5718 : elpa-org - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5718-1 [email protected] ...

Debian DLA-1644-1 : policykit-1 security update

Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges : CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit...