Category Archives: Advisories

CVE-2016-20015

Read Time:14 Second

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.

Read More

CVE-2017-20147

Read Time:15 Second

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.

Read More

CVE-2017-20148

Read Time:10 Second

In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.

Read More

[R1] Nessus Network Monitor 6.1.0 Fixes Multiple Third-party Vulnerabilities

Read Time:32 Second

[R1] Nessus Network Monitor 6.1.0 Fixes Multiple Third-party Vulnerabilities
Arnie Cabral
Tue, 09/20/2022 – 13:14

Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with best practice, Tenable opted to upgrade the bundled components to address the potential impact of these issues. Nessus Network Monitor 6.1.0 updates OpenSSL to version 3.0.5 and moment.js to 2.29.4 to address the identified vulnerabilities.

Read More