Ragic, Inc. Security Vulnerabilities

nessus

GLSA-201903-04 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-04 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice...

10 CVSS

9.3 AI Score

0.375 EPSS

2019-03-11 12:00 AM
15
nessus

VMware vCenter Server 7.0 < 7.0U3r / 8.0 < 8.0U2d Multiple Vulnerabilities (VMSA-2024-0012)

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3r, or 8.0 prior to 8.0U2d. It is, therefore, affected by a partial information disclosure vulnerability as referenced in the VMSA-2024-0012 advisory: The vCenter Server contains multiple heap-overflow...

9.8 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-19 12:00 AM
7
nessus

openSUSE Security Update : python-python-gnupg (openSUSE-2019-143)

This update for python-python-gnupg to version 0.4.4 fixes the following issues : Security issue fixed : CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases ...

7.5 CVSS

7.5 AI Score

0.013 EPSS

2019-02-07 12:00 AM
24
nessus

Fedora 28 : python3 (2019-6fafd84f5d)

Security fix for CVE-2019-5010 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

8.1 AI Score

0.018 EPSS

2019-02-05 12:00 AM
14
nessus

Fedora 29 : golang (2019-dbd82d0882)

Security fix for CVE-2019-6486 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.2 CVSS

8.2 AI Score

0.038 EPSS

2019-02-05 12:00 AM
14
nessus

Fedora 28 : php-PHPMailer (2018-f73869d61e)

Version 5.2.27 SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. Note that Tenable Network Security has extracted the preceding...

8.8 CVSS

9.1 AI Score

0.006 EPSS

2019-01-03 12:00 AM
17
nessus

Fedora 28 : kernel (2018-db0d3e157e) (Spectre)

The v4.16.11 kernel includes important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.5 CVSS

6.5 AI Score

0.003 EPSS

2019-01-03 12:00 AM
19
nessus

Fedora 28 : libmspack (2018-ddda173f56)

New upstream version 0.7alpha. Fixes CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically.....

8.8 CVSS

7.9 AI Score

0.009 EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : 32:bind (2018-f22b937f52)

Update to bind-9.11.4-P2 Add /dev/urandom to chroot (#1631515) Fix multilib conflicts of devel package Add support for OpenSSL provided random data Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

6.5 CVSS

7.1 AI Score

0.003 EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : cantata (2018-d1f6c8957f)

Latest upstream release, omits some mounting code found to be insecure and not well tested. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

9.8 CVSS

7.6 AI Score

0.002 EPSS

2019-01-03 12:00 AM
9
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : GIFLIB vulnerabilities (USN-6824-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6824-1 advisory. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this ...

8.8 CVSS

7.8 AI Score

0.004 EPSS

2024-06-10 12:00 AM
1
nessus

Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)

A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording (NVR) devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...

9.8 CVSS

7.4 AI Score

0.003 EPSS

2024-06-26 12:00 AM
1
nessus

Fedora 28 : krb5 (2019-ac7e19b0c8)

Improve memset hygiene in one location. Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) Note that Tenable Network Security has extracted the...

5.3 CVSS

5.7 AI Score

0.003 EPSS

2019-01-11 12:00 AM
25
nessus

Debian dla-3834 : libnetty-java - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. Debian LTS Advisory DLA-3834-1 ...

5.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-06-22 12:00 AM
2
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6782-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6782-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

9 AI Score

0.0004 EPSS

2024-05-22 12:00 AM
2
nessus

KB5001028: Windows 10 version 1909 OOB Security Update (Feb 2021)

The remote Windows host is missing a security update. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.5 AI Score

2021-04-26 12:00 AM
16
nuclei

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.3 AI Score

0.006 EPSS

2022-09-18 09:08 AM
10
nessus

Ubuntu 24.04 LTS : AOM vulnerability (USN-6815-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6815-1 advisory. Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote...

8 AI Score

0.0004 EPSS

2024-06-06 12:00 AM
1
nessus

IBM MQ DoS (7157979)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157979 advisory. IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used....

5.9 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-27 12:00 AM
5
nessus

Hanwha Vision Multiple Products Denial of Service (CVE-2023-31994)

Certain Hanwha products are vulnerable to Denial of Service (DoS). Attack vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R...

5.3 CVSS

7.1 AI Score

0.001 EPSS

2024-06-26 12:00 AM
2
nessus

Docker Desktop < 4.6.0 DirtyPipe

The version of Docker Desktop for Mac is prior to 4.6.0. It is therefore affected by CVE-2022-0847, AKA 'DirtyPipe', an issue that could enable attackers to modify files in container images on the host, from inside a container. A flaw was found in the way the 'flags' member of the new pipe buffer.....

7.8 CVSS

8 AI Score

0.076 EPSS

2023-09-15 12:00 AM
33
nessus

Fedora 28 : moodle (2019-077cd6f168)

Multiple CVE fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

6.1 CVSS

5.6 AI Score

0.018 EPSS

2019-01-31 12:00 AM
33
nessus

Fedora 28 : apache-commons-compress (2018-d29be920dc)

Fix for CVE-2018-11771 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.5 CVSS

5.9 AI Score

0.001 EPSS

2019-01-03 12:00 AM
12
nessus

Fedora 28 : golang (2018-fe65c14082)

Security fix for CVE-2018-7187 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8 CVSS

8.8 AI Score

0.379 EPSS

2019-01-03 12:00 AM
12
nessus

Fedora 28 : 3:mailman (2018-e071e178f8)

New version 2.1.29. Security fix for CVE-2018-13796 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

6.5 CVSS

6.7 AI Score

0.002 EPSS

2019-01-03 12:00 AM
10
nessus

Fedora 28 : hadoop (2018-f1f44e4c6d)

Bug fix and upgrade to version 2.7.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2019-01-03 12:00 AM
11
nessus

Fedora 28 : libid3tag (2018-d187b44f75)

Security fix for CVE-2004-2779 and CVE-2017-11550 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

6.5 AI Score

0.001 EPSS

2019-01-03 12:00 AM
9
nessus

Fedora 28 : xdg-utils (2018-efd98d9a58)

New upstream bugfix release, includes security fix for CVE-2017-18266 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing.....

8.8 CVSS

8.8 AI Score

0.007 EPSS

2019-01-03 12:00 AM
13
nessus

Fedora 29 : libmad (2018-f8b87f9d12)

Add few patches from Kurt Roeckx Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

6.5 CVSS

6.2 AI Score

0.041 EPSS

2019-01-03 12:00 AM
29
nessus

Fedora 28 : mosquitto (2018-d305559481)

Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

7.5 AI Score

0.003 EPSS

2019-01-03 12:00 AM
20
nessus

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8 CVSS

7.2 AI Score

0.001 EPSS

2024-06-14 12:00 AM
3
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8 CVSS

8.5 AI Score

0.0005 EPSS

2024-06-14 12:00 AM
4
nessus

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6779-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6779-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially...

8.9 AI Score

0.0004 EPSS

2024-05-21 12:00 AM
6
nessus

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : ImageMagick vulnerability (USN-6621-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6621-1 advisory. A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341) Note that Nessus has not tested for this...

6.2 CVSS

6.2 AI Score

0.0004 EPSS

2024-02-01 12:00 AM
10
nessus

Johnson Controls exacqVision Web Service Detection

The Johnson Controls exacqVision Web Service, a web application allowing users to use a web browser to view live video, search and play back recorded video, and control pan/tilt/zoom functions on cameras connected to exacqVision servers, is running on the remote...

2.8 AI Score

2021-06-30 12:00 AM
11
nessus

Debian DLA-1655-1 : mariadb-10.0 security update

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.38. Please see the MariaDB 10.0 Release Notes for further details : https://mariadb.com/kb/en/mariadb/mariadb-10038-release-notes/ For Debian.....

6.5 CVSS

7.6 AI Score

0.005 EPSS

2019-02-04 12:00 AM
25
nessus

Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilities

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.5, 13.1.x prior to 13.1.3 or 13.2.x prior to 13.2.2. It is, therefore, affected by multiple.....

8.2 AI Score

0.0004 EPSS

2024-06-25 12:00 AM
3
nessus

Fedora 29 : anaconda / python3 (2019-00870e8bfc)

Security fix for CVE-2019-5010 in Python. Anaconda is joined because an unrelated fix was done there that allowed to remove a workaround in Python. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted....

7.5 CVSS

7.9 AI Score

0.018 EPSS

2019-01-24 12:00 AM
12
nessus

Fedora 28 : perl-Email-Address (2019-8deebad756)

Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS

7.8 AI Score

0.009 EPSS

2019-01-18 12:00 AM
8
nessus

openSUSE Security Update : irssi (openSUSE-2019-48)

This update for irssi fixes the following issues : CVE-2019-5882: Use after free when hidden lines were expired from the scroll buffer (boo#1121396) This update to the 1.1.2 version also fixes a number of stability issues and...

9.8 CVSS

10 AI Score

0.006 EPSS

2019-01-14 12:00 AM
30
nessus

Debian DLA-1724-1 : ntfs-3g security update

A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation. For Debian 8 'Jessie', this problem has been fixed in version 1:2014.2.15AR.2-1+deb8u4. We recommend that you upgrade your...

7 CVSS

7.2 AI Score

0.0004 EPSS

2019-03-25 12:00 AM
17
nessus

Debian DLA-1721-1 : otrs2 security update

It has been discovered that OTRS (Open source Ticket Request System) is susceptible to a code injection vulnerability. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is.....

5.4 CVSS

6.1 AI Score

0.001 EPSS

2019-03-20 12:00 AM
14
nessus

Fedora 28 : libtiff (2018-d41d114d3e)

Added fixes for : CVE-2017-9935 CVE-2017-18013 CVE-2018-8905 CVE-2018-10963 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

8.8 CVSS

8.1 AI Score

0.007 EPSS

2019-01-03 12:00 AM
15
nessus

Fedora 29 : pdns-recursor (2018-e14840a7f5)

Fixes CVE-2018-16855 (Crafted query can cause a denial of service) New upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website....

7.5 CVSS

6.6 AI Score

0.605 EPSS

2019-01-03 12:00 AM
13
nessus

Fedora 29 : 2:samba (2018-e423e8743f)

Update to Samba 4.9.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

6.5 CVSS

6.5 AI Score

0.042 EPSS

2019-01-03 12:00 AM
10
redhatcve

CVE-2021-47014

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...

6.5 AI Score

0.0004 EPSS

2024-02-28 09:31 PM
7
nessus

GitLab 16.7 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-3959)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private...

6.5 CVSS

6.6 AI Score

0.001 EPSS

2024-06-27 12:00 AM
2
nessus

GitLab 16.10 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5430)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a...

6.8 CVSS

6.7 AI Score

0.0005 EPSS

2024-06-27 12:00 AM
3
nessus

GitLab 15.8 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5655)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an...

9.6 CVSS

6.6 AI Score

0.001 EPSS

2024-06-27 12:00 AM
5
nessus

SolarWinds Platform < 2024.2 Multiple Vulnerabilities

The version of SolarWinds Platform installed on the remote host is prior to 2024.2. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisories. The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is...

8.1 CVSS

7.3 AI Score

0.017 EPSS

2024-06-06 12:00 AM
4

Total number of security vulnerabilities: 288682