CentOS 8 : container-tools:2.0 (CESA-2021:0706)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:0706 advisory. - podman: container users permissions are not respected in privileged containers CVE-2021-20188 Note that Nessus has not tested for this issue but has instead...

openSUSE Security Update : virtualbox (openSUSE-2021-165)

This update for virtualbox fixes the following issues : Version update to 6.1.18 released January 19 2021 This is a maintenance release. The following items were fixed and/or added : - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts bug 19315, 19561...

RHEL 8 : freerdp (RHSA-2020:2335)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2335 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVE-2019-0069

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device...

Design/Logic Flaw

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device...

CVE-2019-0069 Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2019:1547-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-5525

VMware Workstation 15.x before 15.1.0 contains a use-after-free vulnerability in the Advanced Linux Sound Architecture ALSA backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where...

Design/Logic Flaw

VMware Workstation 15.x before 15.1.0 contains a use-after-free vulnerability in the Advanced Linux Sound Architecture ALSA backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where...

CVE-2019-5525

VMware Workstation 15.x before 15.1.0 contains a use-after-free vulnerability in the Advanced Linux Sound Architecture ALSA backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where...

CVE-2019-5525

CVE-2019-5525 is a use-after-free vulnerability in the ALSA backend of VMware Workstation. In the Linux host context, a malicious user with normal guest-privilege can exploit the issue (in combination with other issues) to execute arbitrary code on the host. Affected are VMware Workstation 15.x p...

Immunity Canvas: BLUEKEEP

Name| BLUEKEEP ---|--- CVE| CVE-2019-0708 Exploit Pack| CANVAS Description| BLUEKEEP - Remote command execution RDP Notes| CVE Name: CVE-2019-0708 VENDOR: Microsoft NOTES: -- IMPORTANT -- The module is currently in beta stage. If you do not select "Allow remote code execution" from the module's...

Cisco NX-OS Command Injection Vulnerability (CNVD-2019-14614)

Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco NX-OS. The vulnerability stems from insufficient validation of parameters...

RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux container and obtain unauthorized, root-level access to the host operating system. The vulnerability,...

VirtualBox 5.2.6.r120293 - VM Escape Exploit

Exploit for linux platform in category local exploits Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in VirtualBox Video Acceleration VBVA feature affecting Linux hosts. VBV...

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...

ISC DHCP 4.1.0 to 4.1-ESV-R15 / 4.2.0 to 4.2.8 / 4.3.0 to 4.3.6 DoS vulnerability

The DHCP server version installed on the remote host is 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, or 4.3.0 to 4.3.6. It is, therefore, vulnerable to a denial of service condition with in the omapiconnectionwriter function of the omapip/buffer.c script due to improper handling of an empty message. A...

Test existence of App-Armor, SeLinux

This script checks the existence of App-Armor and SeLinux on a Linux host. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-4915

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine...