Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (expat) was found to contain vulnerabilities, and an updated version has been made available by the provider.
Out of caution and in line with good practice, Tenable has opted to upgrade the expat component to address the potential impact of the issue. Nessus 8.15.5 updates expat to version 2.4.8 to address the identified vulnerabilities.
It was discovered that libXv incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.
USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)
Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with good practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus 10.2.0 updates zlib to version 1.2.12, expat to version 2.4.8 and jQuery UI to version 1.13.0 to address the identified vulnerabilities.
It was discovered that logrotate incorrectly handled the state file. A
local attacker could possibly use this issue to keep a lock on the state
file and cause logrotate to stop working, leading to a denial of service.
Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
