Intercom, Inc. Security Vulnerabilities

nessus

Photon OS 2.0: Glib PHSA-2018-2.0-0108

An update of the glib package has been...

9.8 CVSS

9 AI Score

0.023 EPSS

2019-02-07 12:00 AM
11
nessus

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in....

9.8 CVSS

8.3 AI Score

0.921 EPSS

2019-02-20 12:00 AM
58
jvn

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification (CWE-295). ## Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. ## Solution Update the application Update the....

6.8 AI Score

0.0004 EPSS

2024-05-21 12:00 AM
3
nessus

Debian DSA-4377-1 : rssh - security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8 CVSS

8.8 AI Score

0.0004 EPSS

2019-01-31 12:00 AM
14
nessus

Debian DLA-1650-1 : rssh security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8 CVSS

8.8 AI Score

0.0004 EPSS

2019-01-31 12:00 AM
38
nessus

Debian DLA-1649-1 : spice security update

Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 'Jessie', this problem has been fixed in version...

7.5 CVSS

7.8 AI Score

0.003 EPSS

2019-01-31 12:00 AM
14
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : CUPS regression (USN-6844-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update led to the discovery of a regression...

7.6 AI Score

2024-06-28 12:00 AM
nessus

Dell Client BIOS Improper Input Validation (DSA-2024-125)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...

7.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-21 12:00 AM
7
ics

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

7.5 AI Score

EPSS

2024-06-27 12:00 PM
2
nessus

Debian DSA-4384-1 : libgd2 - security update

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is...

9.8 CVSS

9.7 AI Score

0.714 EPSS

2019-02-05 12:00 AM
47
nessus

Debian DLA-1658-1 : phpmyadmin security update

A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin...

6.5 CVSS

7 AI Score

0.307 EPSS

2019-02-04 12:00 AM
40
nessus

GLSA-202406-05 : JHead: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

9.8 CVSS

7.5 AI Score

0.002 EPSS

2024-06-22 12:00 AM
nessus

VMware Workstation 16.0.x < 16.2.0 Vulnerability (VMSA-2022-0001.2)

The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8 CVSS

7 AI Score

0.001 EPSS

2024-06-25 12:00 AM
nessus

Debian DSA-4394-1 : rdesktop - security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary...

9.8 CVSS

9.5 AI Score

0.141 EPSS

2019-02-19 12:00 AM
47
nessus

Debian DLA-1661-1 : mumble security update

It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket...

7.5 CVSS

7.4 AI Score

0.036 EPSS

2019-02-07 12:00 AM
22
nessus

Debian DLA-1683-1 : rdesktop security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1. We recommend that you upgrade your rdesktop...

9.8 CVSS

10 AI Score

0.141 EPSS

2019-02-20 12:00 AM
54
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0188

An update of the linux package has been...

7.8 CVSS

6.6 AI Score

0.0004 EPSS

2019-02-07 12:00 AM
26
nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0169

An update of the linux package has been...

5.5 CVSS

8.2 AI Score

0.0004 EPSS

2019-02-07 12:00 AM
12
nessus

Photon OS 2.0: Nginx PHSA-2019-2.0-0117

An update of the nginx package has been...

7.5 CVSS

6.7 AI Score

0.084 EPSS

2019-02-07 12:00 AM
26
nessus

Photon OS 2.0: Redis PHSA-2018-2.0-0070

An update of the redis package has been...

9.8 CVSS

8.5 AI Score

0.02 EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 2.0: Openssh PHSA-2019-2.0-0126

An update of the openssh package has been...

5.3 CVSS

6.3 AI Score

0.024 EPSS

2019-02-07 12:00 AM
46
nessus

Photon OS 1.0: Openssl PHSA-2018-1.0-0097-(a)

An update of the openssl package has been...

5.9 CVSS

7.1 AI Score

0.946 EPSS

2019-02-07 12:00 AM
23
nessus

Photon OS 1.0: Ntp PHSA-2018-1.0-0167

An update of the ntp package has been...

7.5 CVSS

8.1 AI Score

0.717 EPSS

2019-02-07 12:00 AM
26
openvas

rpc.ypupdated RCE Vulnerability

ypupdated with...

6.5 AI Score

0.548 EPSS

2008-10-24 12:00 AM
18
nessus

Photon OS 1.0: Binutils PHSA-2017-1.0-0095

An update of the binutils package has been...

7.8 CVSS

6.8 AI Score

0.006 EPSS

2019-02-07 12:00 AM
9
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...

7.7 AI Score

EPSS

2024-06-26 12:00 AM
1
nessus

Photon OS 1.0: Python3 PHSA-2018-1.0-0178

An update of the python3 package has been...

7.5 CVSS

6.9 AI Score

0.006 EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 1.0: Python2 PHSA-2018-1.0-0178

An update of the python2 package has been...

7.5 CVSS

6.9 AI Score

0.006 EPSS

2019-02-07 12:00 AM
7
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libcdio vulnerability (USN-6855-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6855-1 advisory. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when...

8.5 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
2
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0013

An update of the libtiff package has been...

8.8 CVSS

8.1 AI Score

0.005 EPSS

2019-02-07 12:00 AM
13
nessus

OVAL Linux Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

1.2 AI Score

2015-03-24 12:00 AM
15
nessus

OVAL Windows Compliance Checks

Using the supplied credentials, this script performs a compliance check against the policy specified by OVAL...

1.5 AI Score

2015-03-24 12:00 AM
18
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

7.8 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
2
nessus

Debian DLA-1681-1 : gsoap security update

It was discovered that there was a denial of service vulnerability in gsoap a C/C++ language binding used for SOAP-based web services. For Debian 8 'Jessie', this issue has been fixed in gsoap version 2.8.17-1+deb8u2. We recommend that you upgrade your gsoap packages. Thanks to Mattias Ellert...

8.1 CVSS

8 AI Score

0.002 EPSS

2019-02-19 12:00 AM
24
malwarebytes

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....

7.1 AI Score

2024-04-25 02:05 PM
11
nessus

Debian DSA-4402-1 : mumble - security update

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of...

7.5 CVSS

7.3 AI Score

0.036 EPSS

2019-03-06 12:00 AM
7
nessus

GLSA-202406-04 : LZ4: Memory Corruption

The remote host is affected by the vulnerability described in GLSA-202406-04 (LZ4: Memory Corruption) An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an...

9.8 CVSS

7.1 AI Score

0.001 EPSS

2024-06-22 12:00 AM
3
nessus

Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-174-01)

The version of emacs installed on the remote host is prior to 29.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-174-01 advisory. New emacs packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.3 AI Score

2024-06-22 12:00 AM
2
nessus

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in...

5.9 CVSS

6.6 AI Score

0.01 EPSS

2019-03-01 12:00 AM
16
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to...

8.8 CVSS

7.9 AI Score

0.003 EPSS

2024-06-26 12:00 AM
3
nessus

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-06-26 12:00 AM
1
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A ...

6.1 CVSS

7.5 AI Score

0.007 EPSS

2024-06-26 12:00 AM
1
nessus

VMware vCenter Server 7.0 < 7.0U3q / 8.0 < 8.0U3 DoS (CVE-2024-37087)

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3q, or 8.0 prior to 8.0U3. It is, therefore, affected by a denial-of-service vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied...

5.3 CVSS

7.1 AI Score

0.001 EPSS

2024-06-28 12:00 AM
2
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...

7.8 CVSS

7.6 AI Score

EPSS

2024-05-07 12:00 AM
21
openvas

HESK Multiple XSS Vulnerabilities

HESK is prone to multiple cross-site scripting...

6.1 AI Score

0.001 EPSS

2011-08-10 12:00 AM
36
nessus

Debian DLA-1692-1 : phpmyadmin security update

An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. When the AllowArbitraryServer configuration setting is set to false (default), the attacker.....

5.9 CVSS

5.8 AI Score

0.152 EPSS

2019-02-28 12:00 AM
12
nessus

Debian DLA-1686-1 : freedink-dfarc security update

Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc, a frontend and extensions manager for the Dink Smallwood game, allowing an attacker to overwrite arbitrary files on the user's system. For Debian 8 'Jessie', this problem has been fixed in version 3.12-1+deb8u1......

7.5 CVSS

7.5 AI Score

0.003 EPSS

2019-02-25 12:00 AM
9
nessus

Debian DSA-2929-1 : ruby-actionpack-3.2 - security update

Several vulnerabilities were discovered in Action Pack, a component of Ruby on Rails. CVE-2014-0081 actionview/lib/action_view/helpers/number_helper.rb contains multiple cross-site scripting vulnerabilities CVE-2014-0082 actionpack/lib/action_view/template/text.rb performs ...

6.6 AI Score

0.029 EPSS

2014-05-19 12:00 AM
26
nessus

Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

9.8 CVSS

7.6 AI Score

0.15 EPSS

2019-02-07 12:00 AM
27
nessus

WordPress 6.0 < 6.5.5

WordPress versions 6.0 < 6.5.5 are affected by one or more...

7.3 AI Score

2024-06-24 12:00 AM
13
Total number of security vulnerabilities: 288682