RHCOS 3 : atomic-openshift (RHSA-2016:1427)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1427 advisory. - Kubernetes: disclosure of information in multi tenant environments via watch-cache list CVE-2016-5392 Note that Nessus has not tested for...

RHCOS 3 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1852)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1852 advisory. - libarchive: Archive Entry with type 1 hardlink, but has a non-zero data size file overwrite CVE-2016-5418 Note that Nessus has not tested f...

MiracleLinux 4 : thunderbird-38.5.0-1.AXS4 (AXSA:2016-004:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-004:01 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security issues fixed with this release: CVE-2015-7201 Multiple unspecified...

MiracleLinux 4 : python-twisted-web-8.2.0-5.AXS4 (AXSA:2016-689:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-689:01 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Pytho...

MiracleLinux 7 : rh-python35-python-3.5.1-9.el7 (AXSA:2016-629:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-629:01 advisory. Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details,...

MiracleLinux 4 : thunderbird-45.5.0-1.AXS4 (AXSA:2016-1131:08)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-1131:08 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security issues fixed with this release: CVE-2016-5290 RESERVED This candidate has been reserv...

MiracleLinux 7 : firefox-45.3.0-1.0.1.el7.AXS7 (AXSA:2016-608:06)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-608:06 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

MiracleLinux 7 : nss-3.19.1-19.el7 (AXSA:2016-016:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-016:01 advisory. Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications...

MiracleLinux 4 : bind-9.8.2-0.47.3.0.1.rc1.AXS4 (AXSA:2016-718:05)

"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-718:05 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names ...

MiracleLinux 4 : libxml2-2.7.6-21.1.0.1.AXS4 (AXSA:2016-544:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-544:01 advisory. Description: This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support thi...

SUSE CVE-2016-5824

libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file...

DEBIAN-CVE-2016-9539

tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer. Reported as MSVR 35092...

Immunity Canvas: JENKINS_JRMP_DESERIALIZATION

Name| jenkinsjrmpdeserialization ---|--- CVE| CVE-2016-0788 Exploit Pack| CANVAS Description| jenkinsjrmpdeserialization Notes| CVE Name: CVE-2016-0788 VENDOR: Jenkins NOTES: Versions tested: Ubuntu Linux 14.04.3 Jenkins 1.598 - 6 / 7 / 8 Jenkins 1.649 - 7 / 8 Windows 7 Ultimate SP1 Jenkins 1.598...

graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart...

Jenkins 低权限用户 API 服务调用 可致远程命令执行

漏洞演示 将 Jenkins 跑起来后，在低权限用户下构造 XML 文档： hashCode open /Applications/Calculator.app false 0 0 0 start 1 发送 Payload 至接口 http://...:8080/jenkins/createItem?name=knownsec： 成功后服务端会运行 计算器 程序。 漏洞影响 影响版本： 1.650 （1.650版本已修复该问题） 从zoomeye.org上搜索设备指纹“Jenkins” 从搜索的结果来看，约存在20000个潜在受到影响的目标。 相关链接...

Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0054)

The remote Oracle Linux 5 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0054 advisory. 1.7.0.95-2.6.4.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.95-2.6.4.0 - Bump to 2.6.4 and u95b00. - Backport tarball creation script from OpenJDK...