Several vulnerabilities have been discovered in Minetest, a sandbox video game
and game creation system. These issues may allow attackers to manipulate game
mods and grant them an unfair advantage over other players. These flaws could
also be abused for a denial of service attack against a Minetest server or if
user input is passed directly to minetest.deserialize without serializing it
first, then a malicious user could run Lua code in the server environment.
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann
discovered that debian-edu-config, a set of configuration files used for
the Debian Edu blend configured insecure permissions for the user web
shares (~/public_html), which could result in privilege escalation.
Multiple vulnerabilities have been discovered in SAP products, the most severe of which (CVE-2022-22536) could allow for remote code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applications configured to have fewer restrictions on the system could be less impacted than those who operate with elevated privileges.
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or spoofing.
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (Expat) was found to contain vulnerabilities, and an updated version has been made available by the provider.
Out of caution and in line with best practice, Tenable has opted to upgrade the Expat component to address the potential impact of the issue. Nessus 10.1.1 and Nessus 8.15.3 update Expat to version 2.4.4 to address the identified vulnerability.