266 matches found

Tenable Nessus
added 2023/04/02 12:0 a.m., 17 views

Fedora 37 : netconsd (2023-88629e9585)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-88629e9585 advisory. Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ2181655 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 9.8, AI score 8.2, EPSS 0.1754
Exploits: 1, References: 2

Tenable Nessus
added 2023/01/24 12:0 a.m., 53 views

RHEL 7 : kpatch-patch (RHSA-2023:0404)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0404 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...

CVSS 7.8, AI score 6.9, EPSS 0.00033
Exploits: 0, References: 4

The Hacker News
added 2022/07/27 9:21 a.m., 43 views

Taking the Risk-Based Approach to Vulnerability Patching

Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2022/02/09 12:0 a.m., 21 views

AlmaLinux 8 : tcpdump (ALSA-2021:4236)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4236 advisory. - The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037 Note that Nessus has not tested for this issue but has...

CVSS 7.5, AI score 7.2, EPSS 0.00273
Exploits: 0, References: 2

CNVD
added 2021/04/21 12:0 a.m., 8 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-30882)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in the InnoDB component of Oracle MySQL Server 5.7.33, 8.0.23 and earlier versions. An attacker could exploit this vulnerability to affect availability...

CVSS 4.9, AI score 5.9, EPSS 0.04512
Exploits: 0, References: 1

Tenable Nessus
added 2021/02/01 12:0 a.m., 44 views

CentOS 8 : sane-backends (CESA-2020:2902)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:2902 advisory. - sane-backends: Heap buffer overflow in epsondsnetread in epsonds-net.c CVE-2020-12861 - sane-backends: Heap buffer overflow in esci2img CVE-2020-1286...

CVSS 8.8, AI score 7.8, EPSS 0.00588
Exploits: 2, References: 3

Tenable Nessus
added 2019/12/31 12:0 a.m., 77 views

Photon OS 3.0: Linux PHSA-2019-3.0-0041

An update of the linux package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0041. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid132530;...

CVSS 9.8, AI score 7.6, EPSS 0.01487
Exploits: 1, References: 8

Tenable Nessus
added 2019/02/07 12:0 a.m., 23 views

Photon OS 2.0: Libgcrypt PHSA-2018-2.0-0091

An update of the libgcrypt package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0091. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 4.7, AI score 6.1, EPSS 0.00296
Exploits: 1, References: 2

Circl
added 2018/07/16 12:0 a.m., 12 views

CVE-2018-13405

creationtimestamp| type| source ---|---|--- 2018-07-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45033 2022-08-24 20:23:00+00:00| seen| https://t.me/cibsecurity/48666 2022-08-29 18:34:20+00:00| seen| https://t.me/cibsecurity/48974 2022-09-01 07:42:36+00:00| seen|...

CVSS 7.8, AI score 6.1, EPSS 0.00152
Exploits: 2, References: 4

Tenable Nessus
added 2018/06/25 12:0 a.m., 28 views

Fedora 27 : thunderbird-enigmail (2018-fd67c19256)

Security fix CVE-2018-12019 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CVSS 7.5, AI score 7.1, EPSS 0.00487
Exploits: 1, References: 2

Information Security Automation
added 2018/05/06 12:34 a.m., 142 views

Outpost24 OUTSCAN for detecting vulnerabilities on your network perimeter

Today I would like to write a post about Outpost24. This company was founded in 2001. For comparison, Tenable was founded in 2002 and Qualys in 1999. So, it's a company with a pretty long history. Outpost24 make Vulnerability Management & Web Application Security products and provide various...

Exploits: 0

ICS
added 2016/07/15 12:0 p.m., 23 views

Philips Xper-IM Connect Vulnerabilities

OVERVIEW Independent researchers Mike Ahmadi of Synopsys and Billy Rios of Whitescope LLC, in collaboration with Philips, have identified numerous vulnerabilities with an automated software composition analysis tool in the Philips Xper-IM Connect system running on Windows XP. Philips reports that...

AI score 7.4
Exploits: 0, References: 17

Tenable Nessus
added 2015/07/09 12:0 a.m., 54 views

openSUSE Security Update : flash-player (openSUSE-2015-473) (Underminer)

flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-5119: Unspecified vulnerability allowing remote attackers to take over the system bsc937339. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

CVSS 10, AI score 8.6, EPSS 0.93205
Exploits: 6, References: 2

ThreatPost
added 2012/03/20 6:8 p.m., 36 views

Exploit For Ms12-020 RDP Bug Moves to Metasploit

As the inquiry into who leaked the proof-of-concept exploit code for the MS12-020 RDP flaw continues, organizations that have not patched their machines yet have a new motivation to do so: A Metasploit module for the vulnerability is now available. It’s been a week now since Microsoft released a...

CVSS 9.3, AI score 8.6, EPSS 0.94354
Exploits: 33, References: 2

seebug.org
added 2007/02/06 12:0 a.m., 21 views

GGCMS <= 1.1.0 RC1 Remote Code Execution Exploit

No description provided by source. ? // //Kacper & str0ke Settings $exploitname = "GGCMS = v1.1.0 RC1 Remote Auto Deface Exploit / Remote Code Execution Exploit"; $scriptname = "GGCMS v1.1.0 RC1"; $scriptsite = "http://ggcms.weblance.pl/"; $dork = '"Powered by GGCMS"'; // print ' :::::::::...

AI score 7.1
Exploits: 0

Symantec
added 2006/02/01 8:0 a.m., 24 views

Symantec Sygate Management Server: SMS Authentication Servlet SQL Injection

SUMMARY A SQL injection vulnerability in Symantec's Sygate Management Server SMS version 4.1, build 1417 and earlier could potentially allow a remote or local attacker to gain administrative privileges to the SMS server. Risk Impact High Remote Access | Yes ---|--- Local Access | Yes Authenticati...

CVSS 7.5, AI score 7.2, EPSS 0.0169
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2005/05/30 12:0 a.m., 107 views

Hummingbird InetD LPD Component (Lpdw.exe) Data Overflow

The lpd daemon installed on the remote host appears to be from the Hummingbird Connectivity suite and suffers from a buffer overflow vulnerability. An attacker can crash the daemon by sending commands with overly-long queue names. Additionally, with a specially crafted packet, the attacker can al...

CVSS 5, AI score 6.2, EPSS 0.62867
Exploits: 7, References: 2

Tenable Nessus
added 2005/04/12 12:0 a.m., 498 views

MS05-017: Vulnerability in MSMQ Could Allow Code Execution (892944)

The remote version of Windows is affected by a vulnerability in Microsoft Message Queuing Service MSMQ. An attacker could exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18021;...

CVSS 10, AI score 6.2, EPSS 0.88938
Exploits: 10, References: 2

Tenable Nessus
added 2005/03/25 12:0 a.m., 18 views

Cisco IOS Malformed BGP Packet Processing Remote DoS (CSCee67450)

The remote version of IOS is vulnerable to a denial of service attack when processing malformed BGP packets. If IPv6 is enabled, an attacker may exploit this flaw to prevent the router from working properly. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid17635;...

CVSS 5, AI score 5.6, EPSS 0.03307
Exploits: 0, References: 1

Tenable Nessus
added 2005/03/10 12:0 a.m., 79 views

CA License Service Multiple Vulnerabilities

The remote host is running the Computer Associate License Application. The remote version of this software is vulnerable to several flaws that could allow a remote attacker to execute arbitrary code on the remote host with SYSTEM privileges. C KK Liu Changes by Tenable: - Fixed the request -...

CVSS 10, AI score 6.1, EPSS 0.71247
Exploits: 28, References: 4