Oracle Linux 8 : gstreamer1-plugins-base (ELSA-2024-11345)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-11345 advisory. 1.16.1-5.0.1 - Update origin URL Orabug: 36209826 1.16.1-5 - Fixes for CVE-2024-47538, CVE-2024-47607, CVE-2024-47615 Resolves: RHEL-70974, RHEL-71010...

Oracle Linux 7 / 8 / 9 : linux-firmware (ELSA-2024-12797)

The remote Oracle Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12797 advisory. 20241003-999.35.git95bfe086.el8 - Rebase to latest upstream Orabug: 37132142 - Fix build error in ol7 due to linking in copy-firmware.sh Orabu...

FreeBSD : chromium -- multiple security fixes (2f82696c-adad-447b-9938-c99441805fa3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2f82696c-adad-447b-9938-c99441805fa3 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...

Oracle Linux 8 : grafana (ELSA-2024-7349)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-7349 advisory. 9.2.10-18 - Resolves RHEL-47191 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

NewStart CGSL MAIN 6.06 : cpio Vulnerability (NS-SA-2023-0088)

The remote NewStart CGSL host, running version MAIN 6.06, has cpio packages installed that are affected by a vulnerability: - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-boun...

Debian dla-3150 : rexical - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3150 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3150-1 [email protected] https://www.debian.org/lts/security/...

PHP 8.0.x < 8.0.24 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

Debian dla-3087 : gir1.2-javascriptcoregtk-4.0 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3087 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3087-1 [email protected] https://www.debian.org/lts/security/...

CentOS 8 : nodejs:12 (CESA-2020:0598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0598 advisory. - nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string CVE-2019-15604 - nodejs: HTTP request smuggling using...

CentOS 8 : java-1.8.0-openjdk (CESA-2020:1515)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1515 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 - OpenJDK: Incorrect handling of empty...

RHEL 8 : thunderbird (RHSA-2020:3342)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3342 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fixes:...

Ubuntu 18.04 LTS : VLC vulnerabilities (USN-4131-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4131-1 advisory. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could...

PHP 7.1.x < 7.1.2 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.2. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerability (USN-3682-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3682-1 advisory. A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could...

RHEL 7 : glibc (RHSA-2014:2023)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:2023 advisory. - glibc: command execution in wordexp with WRDENOCMD specified CVE-2014-7817 Note that Nessus has not tested for this issue but has instead relied on...

Oracle Linux 6 : udisks (ELSA-2014-0293)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0293 advisory. 1.0.1-7.el65 - Make sure doc subpackage is noarch 1.0.1-6.el65 - Put devel-docs in a separate package related: rhbz1070145 . 1.0.1-5.el65 - Related: rhbz1070145...

Oracle Linux 5 / 6 : ruby (ELSA-2013-1090)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1090 advisory. - Fix regression introduced by CVE-2013-4073 https://bugs.ruby-lang.org/issues/8575...