IID, Inc. Security Vulnerabilities

nessus

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : ImageMagick vulnerability (USN-6621-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6621-1 advisory. A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341) Note that Nessus has not tested for this...

6.2 CVSS

6.2 AI Score

0.0004 EPSS

2024-02-01 12:00 AM
10
nessus

IBM MQ DoS (7157979)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157979 advisory. IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used....

5.9 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
5
nessus

Hanwha Vision Multiple Products Denial of Service (CVE-2023-31994)

Certain Hanwha products are vulnerable to Denial of Service (DoS). The attack vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R...

5.3 CVSS

7.1 AI Score

0.001 EPSS

2024-06-26 12:00 AM
2
nessus

Scientific Linux Security Update : keepalived on SL7.x x86_64 (20190103)

Security Fix(es) : keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution...

9.8 CVSS

10 AI Score

0.013 EPSS

2019-01-07 12:00 AM
18
nessus

Artifex Ghostscript < 10.03.1 Multiple Vulnerabilities

Multiple vulnerabilities exist in Artifex Ghostscript versions prior to 10.03.1. See vendor advisory for more details. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

6.6 AI Score

EPSS

2024-06-13 12:00 AM
3
nessus

Palo Alto GlobalProtect Agent Encrypted Credential Exposure (CVE-2024-5908)

A credential exposure vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices could enable a remote attacker to gain encrypted user credentials, used for connecting to GlobalProtect, from the exposure of application logs. Note that Nessus has not tested for this issue but has.....

7.3 AI Score

0.0004 EPSS

2024-06-14 12:00 AM
7
nessus

Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilities

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.5, 13.1.x prior to 13.1.3 or 13.2.x prior to 13.2.2. It is, therefore, affected by multiple...

8.2 AI Score

0.0004 EPSS

2024-06-25 12:00 AM
3
nessus

Fedora 29 : anaconda / python3 (2019-00870e8bfc)

Security fix for CVE-2019-5010 in Python. Anaconda is joined because an unrelated fix was done there that allowed to remove a workaround in Python. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted....

7.5 CVSS

7.9 AI Score

0.018 EPSS

2019-01-24 12:00 AM
12
nessus

Fedora 28 : perl-Email-Address (2019-8deebad756)

Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

7.8 AI Score

0.009 EPSS

2019-01-18 12:00 AM
8
nessus

openSUSE Security Update : irssi (openSUSE-2019-48)

This update for irssi fixes the following issues : CVE-2019-5882: Use after free when hidden lines were expired from the scroll buffer (boo#1121396) This update to the 1.1.2 version also fixes a number of stability issues and...

9.8 CVSS

10 AI Score

0.006 EPSS

2019-01-14 12:00 AM
30
nessus

Debian dla-3838 : composer - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3838 advisory. Debian LTS Advisory DLA-3838-1 ...

8.8 CVSS

9.4 AI Score

0.0004 EPSS

2024-06-20 12:00 AM
1
nessus

Debian DLA-1713-2 : libsdl1.2 regression update

The update of libsdl1.2 released as DLA 1713-1 led to a regression, caused by an incomplete fix for CVE-2019-7637. This issue was known upstream and resulted, among others, in windows versions from libsdl1.2 failing to set video mode. For Debian 8 'Jessie', this problem has been fixed in version...

8.8 CVSS

8.8 AI Score

0.007 EPSS

2019-03-14 12:00 AM
15
nessus

KB5018415: Windows 10 version 17784 / Azure Stack HCI Security Update (October 2022)

The remote Windows host is missing security update 5018415. It is, therefore, affected by multiple...

7.7 AI Score

2022-10-11 12:00 AM
17
nessus

Johnson Controls exacqVision Web Service Detection

The Johnson Controls exacqVision Web Service, a web application allowing users to use a web browser to view live video, search and play back recorded video, and control pan/tilt/zoom functions on cameras connected to exacqVision servers, is running on the remote...

2.8 AI Score

2021-06-30 12:00 AM
11
nessus

SCAP Linux Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by SCAP...

1 AI Score

2012-07-11 12:00 AM
11
nessus

Progress MOVEit Transfer 2023.0.x < 2023.0.11 / 2023.1.x < 2023.1.6 / 2024.0.x < 2024.0.2 Authentication Bypass (June 2024)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead.....

9.1 CVSS

9.6 AI Score

0.0004 EPSS

2024-06-26 12:00 AM
4
nessus

Google Chrome < 126.0.6478.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...

6.8 AI Score

0.0004 EPSS

2024-06-24 12:00 AM
9
nessus

Google Chrome < 126.0.6478.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...

8.8 CVSS

9.4 AI Score

0.001 EPSS

2024-06-18 12:00 AM
22
nessus

Atlassian JIRA Service Desk < 4.20.25 / 5.3.x < 5.4.9 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14007)

The version of Atlassian JIRA Service Desk Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14007 advisory. The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in...

7.7 CVSS

7.9 AI Score

0.002 EPSS

2023-09-20 12:00 AM
30
nessus

Fedora 29 : radare2 (2019-5750ad7485)

Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457 CVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through rebase to 3.2.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted...

5.5 CVSS

6 AI Score

0.001 EPSS

2019-01-22 12:00 AM
108
nessus

openSUSE Security Update : live555 (openSUSE-2019-58)

This update fixes two security issues in live555 : CVE-2018-4013: Remote code execution vulnerability (bsc#1114779) CVE-2019-6256: Denial of Service issue with RTSP-over-HTTP tunneling via x-sessioncookie HTTP headers (boo#1121892) This library is statically linked into VLC....

9.8 CVSS

9.9 AI Score

0.004 EPSS

2019-01-22 12:00 AM
46
nessus

Fedora 29 : openssh (2019-f6ff819834)

This update fixes CVE-2018-20685 (the first 'variant') and backports several fixes to unbreak ECDSA authentication from PKCS#11, certificate authentication and so on. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website....

5.3 CVSS

6.8 AI Score

0.005 EPSS

2019-01-16 12:00 AM
32
nessus

openSUSE Security Update : wget (openSUSE-2019-57)

This update for wget fixes the following issues : Security issue fixed : CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) This update was imported from the SUSE:SLE-15:Update update...

7.8 CVSS

8.6 AI Score

0.0004 EPSS

2019-01-22 12:00 AM
103
nessus

Fedora 29 : perl-Email-Address (2019-026d5ab23d)

Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

7.8 AI Score

0.009 EPSS

2019-01-18 12:00 AM
17
nessus

Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 / 3.7.x < 3.7.2.1 Privilege Escalation (2024-000005)

The version of Streamline NX Client installed on the remote host is prior to 3.4.3.2, 3.5.1.202, 3.6.2.2, or 3.7.2.1. It is, therefore, affected by a vulnerability as referenced in the 2024-000005 advisory. Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and...

7.1 AI Score

0.0004 EPSS

2024-06-21 12:00 AM
3
nessus

Security Updates for Microsoft Word Products (September 2023)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2023-36761) A remote code execution vulnerability. An...

7.3 CVSS

7.1 AI Score

0.004 EPSS

2023-09-12 12:00 AM
7
nessus

Fedora 29 : python36 (2019-7eb6d3b8ea)

Security fix for CVE-2019-5010 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

8.1 AI Score

0.018 EPSS

2019-02-05 12:00 AM
13
redhatcve

CVE-2021-47014

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...

6.5 AI Score

0.0004 EPSS

2024-02-28 09:31 PM
7
nessus

Oracle Fusion Middleware Oracle HTTP Server (Apr 2019 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by a stack-based buffer overflow as noted in the April 2019 CPU advisory. The condition exists in the included cURL library due to using unsigned math when preventing the overflow. An unauthenticated, remote attacker can...

9.8 CVSS

8.6 AI Score

0.15 EPSS

2019-04-18 12:00 AM
16
nessus

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2019 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the January 2019 CPU advisory: This vulnerability is in the Oracle HTTP server component of Oracle Fusion Middleware (subcomponent: Web Listener). The affected version is 12.1.2.3....

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2019-01-28 12:00 AM
685
nessus

Debian dsa-5716 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5716 advisory. Debian Security Advisory DSA-5716-1 ...

8.8 CVSS

9.7 AI Score

0.001 EPSS

2024-06-19 12:00 AM
1
nessus

Fedora 28 : 1:wireshark (2019-fbd2bad9f9)

New version 2.6.6. Security fix for CVE-2019-5716, CVE-2019-5717, CVE-2019-5718, CVE-2019-5719 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

5.5 CVSS

6 AI Score

0.004 EPSS

2019-01-31 12:00 AM
26
nessus

Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-062-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

7.5 CVSS

8.1 AI Score

0.018 EPSS

2019-03-04 12:00 AM
14
nessus

Debian dla-3845 : dlt-daemon - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3845 advisory. Debian LTS Advisory DLA-3845-1 ...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-06-27 12:00 AM
1
nessus

IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158058)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158058 advisory. IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used...

6.5 CVSS

6.3 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
2
nessus

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150045)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150045 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons ...

6.6 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
1
nessus

Photon OS 1.0: Python3 PHSA-2019-1.0-0212

An update of the python3 package has been...

7.5 CVSS

8.9 AI Score

0.007 EPSS

2019-03-18 12:00 AM
9
nessus

Photon OS 2.0: Curl PHSA-2019-2.0-0131

An update of the curl package has been...

7.5 CVSS

7.3 AI Score

0.003 EPSS

2019-03-18 12:00 AM
9
nessus

Debian dsa-5687 : chromium - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5687 advisory. Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox...

9.6 CVSS

9.7 AI Score

0.001 EPSS

2024-05-10 12:00 AM
6
nessus

Debian DLA-1701-1 : openssl security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling...

5.9 CVSS

6.4 AI Score

0.01 EPSS

2019-03-04 12:00 AM
26
nessus

RHEL 6 : chromium-browser (RHSA-2019:0396)

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

6.5 CVSS

7.7 AI Score

0.001 EPSS

2019-02-26 12:00 AM
19
nessus

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

8 CVSS

8.2 AI Score

0.0004 EPSS

2024-06-14 12:00 AM
3
nessus

Fedora 28 : libwmf (2019-e9bc354ee8)

CVE-2019-6978: double free in the gdImage*Ptr in gd_jpeg.c, and gd_wbmp.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

9.8 CVSS

9 AI Score

0.018 EPSS

2019-02-11 12:00 AM
51
nessus

Fedora 28 : poppler (2019-40f4af0687)

Security fix for CVE-2018-20551, CVE-2018-20481 and CVE-2018-20650. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

6.5 CVSS

7.1 AI Score

0.011 EPSS

2019-02-08 12:00 AM
15
nessus

Debian DLA-1676-1 : unbound security update

Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a validating, recursive, caching DNS resolver, validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or...

5.3 CVSS

5.5 AI Score

0.004 EPSS

2019-02-15 12:00 AM
18
nessus

Scientific Linux Security Update : spice-server on SL6.x x86_64 (20190131)

Security Fix(es) : spice: Off-by-one error in array access in spice/server/memslot.c...

7.5 CVSS

7.8 AI Score

0.003 EPSS

2019-02-01 12:00 AM
24
nessus

Fedora 28 : nagios (2019-0b44528ff1)

Incorporate many fixes from Justin Paulsen THANKS!!! Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441 CVE-2016-8641 Remove section which unset nagios Fix BZ#1568273 Note that Tenable Network Security has extracted the preceding description block...

7.8 CVSS

6.4 AI Score

0.003 EPSS

2019-01-30 12:00 AM
32
nessus

Ubuntu 23.04 : Linux kernel vulnerabilities (USN-6534-2)

The remote Ubuntu 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6534-2 advisory. An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in...

8.8 CVSS

8.5 AI Score

0.024 EPSS

2023-12-12 12:00 AM
12
nessus

Photon OS 2.0: Linux PHSA-2018-2.0-0037-(a)

An update of the linux package has been...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2019-02-07 12:00 AM
21
nessus

TeamCity Server < 2023.11.1 CSRF

According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.1. It is, therefore, affected by a cross-site request forgery vulnerability. Note that Nessus did not actually test for these issues, but instead has relied on...

8.8 CVSS

6.7 AI Score

0.001 EPSS

2023-12-20 12:00 AM
17

Total number of security vulnerabilities: 288683