90 matches found
Debian DSA-4817-1 : php-pear - security update
Two vulnerabilities were discovered in the PEAR ArchiveTar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
openSUSE Security Update : xen (openSUSE-2020-2192)
This update for xen fixes the following issues : - bsc1178963 - VUL-0: xen: stack corruption from XSA-346 change XSA-355 This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Photon OS 3.0: Linux PHSA-2020-3.0-0142
An update of the linux package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0142. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid140708;...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200908)
Security Fixes : - Mozilla: Attacker-induced prompt for extension installation CVE-2020-15664 - Mozilla: Use-After-Free when aborting an operation CVE-2020-15669 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid140440;...
Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability (JSA11018)
The version of Junos OS installed on the remote host is prior to 12.3X48-D100, 15.1X49-D210, 17.3R2-S5, 17.4R2-S9, 18.1R3-S10, 18.2R2-S7, 18.3R1-S7, 18.4R1-S6, 19.1R1-S4, 19.2R1-S3, 19.3R2-S1, or 19.4R1-S1. It is, therefore, affected by a unified access control UAC bypass vulnerability as...
Cisco IOS XE Software Web UI Command Injection (cisco-sa-web-cmdinj3-44st5CcA)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. Please see the included Cisco BID and Cisco Security Advisory for more information. TRUSTED...
Cisco Firepower Management Center File Overwrite (cisco-sa-fmcai-z5dQObVN)
File overwrite vulnerability exist in the web UI of Cisco Firepower Management Center due to insufficient input validation. An authenticated, remote attacker can exploit this by sending crafted input to the web UI in order to overwrite files on the file system of the affected device. Please see t...
Fedora 31 : python-waitress (2020-65a7744e38)
Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding various other hardening features. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and forma...
RHEL 8 : nss (RHSA-2019:4114)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4114 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
Fedora 29 : kernel / kernel-headers (2019-69c132b061)
Update to v5.1.15 ---- Update to v5.1.14 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
GLSA-201904-25 : QEMU: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201904-25 QEMU: Multiple vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
Fedora 28 : libarchive (2018-20c24949c0)
latest upstream release, fixes several CVE issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Adobe Flash Player for Mac <= 29.0.0.171 (APSB18-19)
The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110396; scriptversion"1.8";...
F5 Networks BIG-IP : Linux kernel vulnerability (K20022580)
Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AFUNIX socket permissions or cause a denial of service panic via crafted epollctl calls. CVE-2013-7446 C Tenable Network Security, Inc. The descriptive text and package checks ...
F5 Networks BIG-IP : libxml2 vulnerability (K14338030)
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document. CVE-2016-1762 File data f5bigipSOL14338030.nasl...
F5 Networks BIG-IP : PHP vulnerability (K42065024)
DISPUTED Integer overflow in the phprawurlencode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service application crash via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if...
F5 Networks BIG-IP : QEMU vulnerability (SOL51841514)
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WINREADNATIVEMAX command to an empty drive, which triggers a...
F5 Networks BIG-IP : PHP vulnerability (SOL14574)
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for attackers to cause a denial of service malformed $FILES indexes or conduct directory traversal attacks during multi-file upload...
Oracle Identity Analytics / Sun Role Manager Unspecified Remote Vulnerability (April 2014 CPU)
The remote Oracle Identity Analytics formerly known as Sun Role Manager install is affected by an unspecified vulnerability that can be exploited by remote, authenticated attackers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Fedora 15 : tremulous-1.2.0-0.4.beta1.fc15 (2012-2405)
Fixes CVE-2011-2764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...