CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

RHCOS 3 : OpenShift Container Platform 3.6 (RHSA-2018:3598)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3598 advisory. - kubernetes: authentication/authorization bypass in the handling of non-101 responses CVE-2018-1002105 Note that Nessus has not tested for...

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2018:3537)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3537 advisory. - kibana: Cross-site scripting via the source field formatter CVE-2018-3830 - nodejs: Out of bounds OOB write via UCS-2 encoding...

RHCOS 3 : OpenShift Container Platform 3.8 (RHSA-2018:1229)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1229 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go CVE-2018-1102 Note that Nessus has not tested fo...

RHCOS 3 : OpenShift Container Platform 3.5 (RHSA-2018:1235)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1235 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go CVE-2018-1102 Note that Nessus has not tested fo...

MiracleLinux 7 : patch-2.7.1-10.el7 (AXSA:2018-2972:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2972:01 advisory. patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 Tenable has extracted the preceding description block directly from the...

MiracleLinux 4 : python-paramiko-1.7.5-4.AXS4 (AXSA:2018-2793:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2793:01 advisory. python-paramiko: Authentication bypass in transport.py CVE-2018-7750 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.506.AXS4.1 (AXSA:2018-3247:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3247:04 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted...

MiracleLinux 7 : krb5-1.15.1-34.el7 (AXSA:2018-3419:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3419:03 advisory. krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data CVE-2018-5729 krb5: DN container check bypass by...

MiracleLinux 7 : libvorbis-1.3.3-8.el7.1 (AXSA:2018-2816:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2816:01 advisory. Mozilla: Vorbis audio processing out of bounds write MFSA 2018-08 CVE-2018-5146 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : libvncserver-0.9.9-12.el7 (AXSA:2018-2817:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2817:02 advisory. libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c CVE-2018-7225 Tenable has extracted the preceding description block...

MiracleLinux 7 : firefox-60.2.2-1.0.1.el7.AXS7 (AXSA:2018-3353:07)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3353:07 advisory. Mozilla: type confusion in JavaScript CVE-2018-12386 Mozilla: stack out-of-bounds read in Array.prototype.push CVE-2018-12387 Tenable has extracted...

MiracleLinux 7 : libvirt-3.9.0-14.5.0.1.el7.AXS7 (AXSA:2018-3138:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3138:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted the...

MiracleLinux 7 : policycoreutils-2.5-22.el7 (AXSA:2018-2922:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2922:01 advisory. policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead CVE-2018-1063 Tenable has extracted the...

MiracleLinux 7 : rh-mysql56-mysql-5.6.39-1.el7.1 (AXSA:2018-2639:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2639:01 advisory. mysql: sha256password authentication DoS via long password CVE-2018-2696 mysql: Server : Partition unspecified vulnerability CPU Jan 2018...

MiracleLinux 4 : xmlrpc3-3.0-4.17.AXS4 (AXSA:2018-3129:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3129:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 7 : libreoffice-5.0.6.2-15.el7 (AXSA:2018-2622:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2622:01 advisory. libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula CVE-2018-6871 Tenable has extracted the preceding description block direct...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.171-8.b10.AXS4 (AXSA:2018-3113:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3113:02 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted the...

MiracleLinux 7 : libvirt-3.2.0-14.el7.7 (AXSA:2018-2502:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2502:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used...

MiracleLinux 7 : firefox-60.2.0-1.0.1.el7.AXS7 (AXSA:2018-3322:05)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3322:05 advisory. Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12376 Mozilla: Use-after-free in driver timers CVE-2018-12377 Mozilla:...