Monday, January 24, 2022
Tenable

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202201.1

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (Apache) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable...
Tenable

[R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best...
Tenable

[R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilities

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in...
Tenable

[R1] Nessus 10.0.0 Fixes One Vulnerability

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.
Tenable

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (Apache) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable...
Tenable

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable...
Tenable

[R1] Nessus Agent 8.3.1 Fixes Multiple Vulnerabilities

Nessus Agent 8.3.0 and earlier for were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.
Tenable

[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the...
Tenable

[R1] Nessus Agent 8.3.0 Fixes One Vulnerability

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
Tenable

[R1] Nessus Agent 8.2.5 Fixes Multiple Vulnerabilities

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus Agent host.
Tenable

[R1] Nessus 8.15.0 Fixes Multiple Vulnerabilities

Nessus versions 8.14.0 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. Additionally, two third-party components (expat, sqlite) were found...
Tenable

[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities

Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with...
Tenable

[R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus Agent 8.2.4 Fixes Multiple Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and sqlite) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus 8.14.0 Fixes One Vulnerability

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

Enlarge (credit: Getty Images | zf L) AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked. read more
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...