CVE-2014-4980
published 2014-07-23CVE-2014-4980: The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the…
PriorityP422medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.70%
74.3th percentile
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | nessus | — | — |
| tenable | web_ui | <= 2.3.4 | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p784-84p4-47fp: The /server/properties resource in Tenable Web UI before 2
ghsa_unreviewed·2022-05-14
CVE-2014-4980 [MEDIUM] CWE-200 GHSA-p784-84p4-47fp: The /server/properties resource in Tenable Web UI before 2
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
Red Hat
kernel: Bluetooth: fix use-after-free in device_for_each_child()
vendor_redhat·2024-12-27·CVSS 7.8
CVE-2024-53237 [HIGH] CWE-416 kernel: Bluetooth: fix use-after-free in device_for_each_child()
kernel: Bluetooth: fix use-after-free in device_for_each_child()
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: fix use-after-free in device_for_each_child()
Syzbot has reported the following KASAN splat:
BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0
Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980
CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
Call Trace:
dump_stack_lvl+0x100/0x190
? device_for_each_child+0x18f/0x1a0
print_report+0x13a/0x4cb
? __virt_addr_valid+0x5e/0x590
? __phys_addr+0xc6/0x150
? device_for_each_child+0x18f/0x1a0
kasan_report+0xda/0x110
? device_for_each_child+0x18f/0x1a0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.htmlhttp://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/http://www.osvdb.org/109376http://www.securityfocus.com/archive/1/532839/100/0/threadedhttp://www.securityfocus.com/bid/68782http://www.securitytracker.com/id/1030614http://www.tenable.com/security/tns-2014-05http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.htmlhttp://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/http://www.osvdb.org/109376http://www.securityfocus.com/archive/1/532839/100/0/threadedhttp://www.securityfocus.com/bid/68782http://www.securitytracker.com/id/1030614http://www.tenable.com/security/tns-2014-05
2014-07-23
Published