Intercom, Inc. Security Vulnerabilities

nessus

Photon OS 1.0: Rsync PHSA-2018-1.0-0096

An update of the rsync package has been...

9.8CVSS

7.2AI Score

0.01EPSS

2019-02-07 12:00 AM
9
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0060

An update of the libtiff package has been...

6.5CVSS

7.8AI Score

0.007EPSS

2019-02-07 12:00 AM
17
nessus

Photon OS 2.0: Ruby PHSA-2018-2.0-0013

An update of the ruby package has been...

9.8CVSS

8.9AI Score

0.028EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 2.0: Strongswan PHSA-2018-2.0-0075

An update of the strongswan package has been...

6.5CVSS

7.2AI Score

0.006EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 1.0: Libgcrypt PHSA-2018-1.0-0182

An update of the libgcrypt package has been...

4.7CVSS

6.3AI Score

0.001EPSS

2019-02-07 12:00 AM
25
nessus

Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)

The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-17 12:00 AM
2
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked...

8.1AI Score

EPSS

2024-06-17 12:00 AM
3
nessus

Ubuntu 18.10 : libsolv vulnerabilities (USN-3916-1)

It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service. Note that Tenable Network Security has extracted....

6.5CVSS

6.9AI Score

0.005EPSS

2019-03-25 12:00 AM
11
nessus

Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6573-1)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6573-1 advisory. A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num...

8.8CVSS

8.7AI Score

0.024EPSS

2024-01-09 12:00 AM
9
cve

CVE-2024-1587

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...

5.3CVSS

6.1AI Score

0.0004EPSS

2024-04-09 07:15 PM
31
nessus

Ubuntu 20.04 LTS : Git vulnerability (USN-6793-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6793-2 advisory. USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It...

9CVSS

9.6AI Score

0.002EPSS

2024-06-19 12:00 AM
3
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update led to the discovery of a regression in netplan which caused systemctl...

8.4AI Score

2024-06-28 12:00 AM
1
nessus

Debian DSA-4372-1 : ghostscript - security update

Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being...

7.8CVSS

8AI Score

0.017EPSS

2019-01-28 12:00 AM
50
ubuntucve

CVE-2023-52644

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is...

7.3AI Score

0.0004EPSS

2024-04-17 12:00 AM
5
nessus

GLSA-202406-02 : Flatpak: Sandbox Escape

The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

8.4CVSS

7.1AI Score

0.0004EPSS

2024-06-22 12:00 AM
1
nessus

Debian DLA-1662-1 : libthrift-java security update

It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making...

7.5CVSS

7.6AI Score

0.002EPSS

2019-02-07 12:00 AM
41
nessus

Debian DLA-1659-1 : drupal7 security update

A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...

9.8CVSS

9.7AI Score

0.921EPSS

2019-02-04 12:00 AM
19
nessus

Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2972-1)

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687,.....

9.8CVSS

9.1AI Score

0.49EPSS

2016-05-12 12:00 AM
15
nessus

Photon OS 2.0: Shadow PHSA-2018-2.0-0080

An update of the shadow package has been...

5.3CVSS

5.8AI Score

0.001EPSS

2019-02-07 12:00 AM
9
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0048

An update of the libtiff package has been...

8.8CVSS

8.1AI Score

0.003EPSS

2019-02-07 12:00 AM
17
nessus

Photon OS 2.0: Curl PHSA-2018-2.0-0009

An update of the curl package has been...

9.8CVSS

7.3AI Score

0.007EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 1.0: Ruby PHSA-2017-0021

An update of the ruby package has been...

9.8CVSS

9.2AI Score

0.004EPSS

2019-02-07 12:00 AM
15
nessus

Photon OS 1.0: Libevent PHSA-2017-0013

An update of the libevent package has been...

9.8CVSS

8.3AI Score

0.006EPSS

2019-02-07 12:00 AM
15
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : CUPS regression (USN-6844-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update led to the discovery of a regression...

7.6AI Score

2024-06-28 12:00 AM
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0039

An update of the libtiff package has been...

6.5CVSS

8AI Score

0.01EPSS

2019-02-07 12:00 AM
17
nessus

Photon OS 1.0: Nginx PHSA-2018-1.0-0201

An update of the nginx package has been...

7.5CVSS

6.7AI Score

0.084EPSS

2019-02-07 12:00 AM
31
nessus

Photon OS 2.0: Nodejs PHSA-2018-2.0-0093

An update of the nodejs package has been...

7.5CVSS

7.8AI Score

0.004EPSS

2019-02-07 12:00 AM
5
nessus

Photon OS 1.0: Glib PHSA-2018-1.0-0194

An update of the glib package has been...

9.8CVSS

9AI Score

0.023EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0110

An update of the libtiff package has been...

8.8CVSS

9AI Score

0.009EPSS

2019-02-07 12:00 AM
13
nessus

Arecont Vision AV1355DN MegaDome camera Denial of Service (CVE-2013-0139)

The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.1AI Score

0.002EPSS

2024-06-20 12:00 AM
nessus

Photon OS 1.0: Ruby PHSA-2017-0029

An update of the ruby package has been...

9.8CVSS

9.8AI Score

0.008EPSS

2019-02-07 12:00 AM
18
nessus

Photon OS 1.0: Rsyslog PHSA-2017-0030

An update of the rsyslog package has been...

9.8CVSS

9AI Score

0.003EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 1.0: Systemd PHSA-2017-0044

An update of the systemd package has been...

7.5CVSS

6.8AI Score

0.955EPSS

2019-02-07 12:00 AM
8
jvn

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification (CWE-295). ## Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. ## Solution Update the application Update the....

6.8AI Score

0.0004EPSS

2024-05-21 12:00 AM
3
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...

7.7AI Score

EPSS

2024-06-26 12:00 AM
1
nessus

Debian DLA-1649-1 : spice security update

Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...

7.5CVSS

7.8AI Score

0.003EPSS

2019-01-31 12:00 AM
14
ics

Johnson Controls Illustra Essentials Gen 4

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

7.5AI Score

EPSS

2024-06-27 12:00 PM
2
nessus

Dell Client BIOS Improper Input Validation (DSA-2024-125)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-21 12:00 AM
7
nessus

OVAL Linux Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

1.2AI Score

2015-03-24 12:00 AM
15
nessus

OVAL Windows Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

1.5AI Score

2015-03-24 12:00 AM
18
nessus

GLSA-202406-01 : GLib: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202406-01 (GLib: Privilege Escalation) A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

7.1AI Score

0.0004EPSS

2024-06-22 12:00 AM
nessus

GLSA-202406-03 : RDoc: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202406-03 (RDoc: Remote Code Execution) A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

7.5AI Score

EPSS

2024-06-22 12:00 AM
nessus

GLSA-202406-05 : JHead: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

9.8CVSS

7.5AI Score

0.002EPSS

2024-06-22 12:00 AM
nessus

VMware Workstation 16.0.x < 16.2.0 Vulnerability (VMSA-2022-0001.2)

The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8CVSS

7AI Score

0.001EPSS

2024-06-25 12:00 AM
nvd

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-04-04 03:15 AM
nessus

Debian DLA-1661-1 : mumble security update

It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...

7.5CVSS

7.4AI Score

0.036EPSS

2019-02-07 12:00 AM
22
nessus

GLSA-202406-06 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-06 (GStreamer, GStreamer Plugins: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Tenable has...

8.8CVSS

7.8AI Score

0.0005EPSS

2024-06-29 12:00 AM
2
nessus

Debian DLA-1683-1 : rdesktop security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...

9.8CVSS

10AI Score

0.141EPSS

2019-02-20 12:00 AM
54
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0188

An update of the linux package has been...

7.8CVSS

6.6AI Score

0.0004EPSS

2019-02-07 12:00 AM
26
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0169

An update of the linux package has been...

5.5CVSS

8.2AI Score

0.0004EPSS

2019-02-07 12:00 AM
12
Total number of security vulnerabilities: 288682