Ragic, Inc. Security Vulnerabilities

nessus

Photon OS 1.0: Glibc PHSA-2018-1.0-0098-(a)

An update of the glibc package has been...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2019-02-07 12:00 AM
12
nessus

Debian DLA-1703-1 : jackson-databind security update

Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For...

9.8 CVSS

9.8 AI Score

0.049 EPSS

2019-03-05 12:00 AM
20
nessus

Debian DSA-4396-1 : ansible - security update

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working...

7.8 CVSS

6.8 AI Score

0.003 EPSS

2019-02-20 12:00 AM
62
nessus

Debian DLA-1685-1 : drupal7 security update

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in....

9.8 CVSS

8.3 AI Score

0.921 EPSS

2019-02-20 12:00 AM
58
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : FontForge vulnerabilities (USN-6856-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6856-1 advisory. It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were ...

7.8 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
2
nessus

Photon OS 1.0: Curl PHSA-2018-1.0-0108

An update of the curl package has been...

9.8 CVSS

7.8 AI Score

0.037 EPSS

2019-02-07 12:00 AM
14
nessus

Photon OS 2.0: Glibc PHSA-2018-2.0-0011-(a)

An update of the glibc package has been...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2019-02-07 12:00 AM
18
nessus

Photon OS 2.0: Glib PHSA-2018-2.0-0108

An update of the glib package has been...

9.8 CVSS

9 AI Score

0.023 EPSS

2019-02-07 12:00 AM
11
nessus

Dell Client BIOS DoS (DSA-2024-168)

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...

4.7 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-21 12:00 AM
nessus

Photon OS 1.0: Freetype2 PHSA-2017-0015

An update of the freetype2 package has been...

9.8 CVSS

9.6 AI Score

0.014 EPSS

2019-02-07 12:00 AM
26
openvas

HESK Multiple XSS Vulnerabilities

HESK is prone to multiple cross-site scripting...

6.1 AI Score

0.001 EPSS

2011-08-10 12:00 AM
35
nessus

Debian DLA-1668-1 : libarchive security update

Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that can result in a crash (denial of service, CWE-125) CVE-2019-1000020 Vulnerability in...

6.5 CVSS

8.3 AI Score

0.012 EPSS

2019-02-08 12:00 AM
11
nessus

GLSA-202406-04 : LZ4: Memory Corruption

The remote host is affected by the vulnerability described in GLSA-202406-04 (LZ4: Memory Corruption) An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an...

9.8 CVSS

7.1 AI Score

0.001 EPSS

2024-06-22 12:00 AM
3
nessus

Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-174-01)

The version of emacs installed on the remote host is prior to 29.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-174-01 advisory. New emacs packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.3 AI Score

2024-06-22 12:00 AM
2
nessus

Photon OS 1.0: Openjdk PHSA-2016-0015

An update of the openjdk package has been...

9.6 CVSS

8.7 AI Score

0.009 EPSS

2019-02-07 12:00 AM
35
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A ...

6.1 CVSS

7.5 AI Score

0.007 EPSS

2024-06-26 12:00 AM
1
nessus

GLSA-201903-15 : NTP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition,...

7.5 CVSS

8.1 AI Score

0.034 EPSS

2019-03-19 12:00 AM
17
nessus

Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2900-1)

It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has....

8.1 CVSS

8.7 AI Score

0.974 EPSS

2016-02-17 12:00 AM
22
nessus

Debian DSA-4394-1 : rdesktop - security update

Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary...

9.8 CVSS

9.5 AI Score

0.141 EPSS

2019-02-19 12:00 AM
46
nessus

VMware Fusion 12.0.x < 12.2.0 Vulnerability (VMSA-2022-0001.2)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8 CVSS

6.9 AI Score

0.001 EPSS

2024-06-25 12:00 AM
nessus

Ubuntu 18.10 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3878-1)

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)...

8.8 CVSS

7.3 AI Score

0.001 EPSS

2019-02-05 12:00 AM
36
nessus

Photon OS 2.0: Libtiff PHSA-2019-2.0-0131

An update of the libtiff package has been...

8.8 CVSS

8.8 AI Score

0.011 EPSS

2019-03-18 12:00 AM
11
nessus

Photon OS 1.0: Curl PHSA-2019-1.0-0205

An update of the curl package has been...

9.8 CVSS

7.9 AI Score

0.016 EPSS

2019-03-18 12:00 AM
17
nessus

Photon OS 2.0: Libsolv PHSA-2019-2.0-0136

An update of the libsolv package has been...

6.5 CVSS

7 AI Score

0.005 EPSS

2019-03-18 12:00 AM
8
nessus

Photon OS 1.0: Keepalived PHSA-2019-1.0-0212

An update of the keepalived package has been...

4.7 CVSS

5.3 AI Score

0.0004 EPSS

2019-03-18 12:00 AM
14
nessus

Debian DLA-1650-1 : rssh security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8 CVSS

8.8 AI Score

0.0004 EPSS

2019-01-31 12:00 AM
37
nessus

Debian DSA-4377-1 : rssh - security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8 CVSS

8.8 AI Score

0.0004 EPSS

2019-01-31 12:00 AM
14
nessus

Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security...

9.8 CVSS

7.6 AI Score

0.171 EPSS

2019-02-07 12:00 AM
27
nessus

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

4.9 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-21 12:00 AM
nessus

GLSA-201903-01 : Keepalived: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-01 (Keepalived: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially...

9.8 CVSS

7.4 AI Score

0.013 EPSS

2019-03-11 12:00 AM
13
nessus

VMware Workstation 16.0.x < 16.2.1 Multiple Vulnerabilities (VMSA-2022-0004)

The version of VMware Workstation installed on the remote host is 16.0.x prior to 16.2.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

7.8 CVSS

7 AI Score

0.001 EPSS

2022-02-18 12:00 AM
27
nessus

Photon OS 2.0: Redis PHSA-2018-2.0-0070

An update of the redis package has been...

9.8 CVSS

8.5 AI Score

0.02 EPSS

2019-02-07 12:00 AM
10
nessus

Photon OS 2.0: Openssh PHSA-2019-2.0-0126

An update of the openssh package has been...

5.3 CVSS

6.3 AI Score

0.024 EPSS

2019-02-07 12:00 AM
45
nessus

Photon OS 2.0: Nginx PHSA-2019-2.0-0117

An update of the nginx package has been...

7.5 CVSS

6.7 AI Score

0.084 EPSS

2019-02-07 12:00 AM
26
ics

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

7.5 AI Score

EPSS

2024-06-27 12:00 PM
2
nessus

Debian DLA-1658-1 : phpmyadmin security update

A couple of vulnerabilities have been discovered in phpmyadmin, MySQL web administration tool. CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin...

6.5 CVSS

7 AI Score

0.307 EPSS

2019-02-04 12:00 AM
40
nessus

Debian DSA-4384-1 : libgd2 - security update

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is...

9.8 CVSS

9.7 AI Score

0.714 EPSS

2019-02-05 12:00 AM
47
nessus

GLSA-201903-08 : GNU Wget: Password and metadata leak

The remote host is affected by the vulnerability described in GLSA-201903-08 (GNU Wget: Password and metadata leak) A vulnerability was discovered in GNU Wget's file_metadata in xattr.c. Impact : A local attacker could obtain sensitive information to include credentials. Workaround :...

7.8 CVSS

8.4 AI Score

0.0004 EPSS

2019-03-11 12:00 AM
8
nessus

Debian DSA-4402-1 : mumble - security update

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of...

7.5 CVSS

7.3 AI Score

0.036 EPSS

2019-03-06 12:00 AM
7
nessus

Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security...

5.9 CVSS

6.6 AI Score

0.01 EPSS

2019-02-27 12:00 AM
30
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ADOdb vulnerabilities (USN-6825-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6825-1 advisory. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could...

9.1 CVSS

7.4 AI Score

0.006 EPSS

2024-06-10 12:00 AM
nessus

Photon OS 2.0: Libtiff PHSA-2018-2.0-0013

An update of the libtiff package has been...

8.8 CVSS

8.1 AI Score

0.005 EPSS

2019-02-07 12:00 AM
12
nessus

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in...

5.9 CVSS

6.6 AI Score

0.01 EPSS

2019-03-01 12:00 AM
15
nessus

Docker Desktop < 4.5.0 Incorrect Access Control

The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.4 CVSS

8.4 AI Score

0.0005 EPSS

2023-09-15 12:00 AM
10
nessus

Photon OS 1.0: Binutils PHSA-2019-1.0-0203

An update of the binutils package has been...

6.5 CVSS

7 AI Score

0.004 EPSS

2019-02-07 12:00 AM
10
nessus

OpenTelemetry Collector < 0.102.1 DoS

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue.....

8.2 CVSS

7.7 AI Score

0.001 EPSS

2024-06-14 12:00 AM
1
nessus

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the July 2016 CPU...

7.5 CVSS

7.4 AI Score

0.005 EPSS

2016-07-25 12:00 AM
131
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to...

8.8 CVSS

7.9 AI Score

0.003 EPSS

2024-06-26 12:00 AM
3
cve

CVE-2024-23486

A plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured...

6.9 AI Score

0.0004 EPSS

2024-04-15 11:15 AM
29
nessus

Debian DSA-4406-1 : waagent - security update

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information...

6.5 CVSS

6.5 AI Score

0.003 EPSS

2019-03-13 12:00 AM
16
Total number of security vulnerabilities: 288636