Lucene search
K

39 matches found

Tenable Nessus
Tenable Nessus
added 2020/06/05 12:0 a.m.35 views

Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20200603)

Security Fixes : - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals CVE-2020-8616 - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c CVE-2020-8617 C Tenable Network Security, Inc. The...

8.6CVSS6.7AI score0.93422EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2020/03/19 12:0 a.m.34 views

Scientific Linux Security Update : zsh on SL6.x i386/x86_64 (20200318)

Security Fixes : - zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid134695; scriptversion"1.3";...

7.8CVSS8AI score0.00495EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/02/27 12:0 a.m.61 views

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190226)

Security Fixes : - kernel: MIDI driver race condition leads to a double-free CVE-2018-10902 Bug Fixes : - Previously backported upstream patch caused a change in the behavior of page fault handler. As a consequence, applications compiled through GNU Compiler Collection GCC version 4.4.7 sometimes...

7.8CVSS6.9AI score0.00523EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/07/03 12:0 a.m.34 views

Scientific Linux Security Update : zsh on SL6.x i386/x86_64 (20180619)

Security Fixes : - zsh: Stack-based buffer overflow in genmatchesfiles at compctl.c CVE-2018-1083 - zsh: buffer overflow when scanning very long directory paths for symbolic links CVE-2014-10072 - zsh: buffer overrun in symlinks CVE-2017-18206 - zsh: buffer overflow in utils.c:checkmailpath can...

9.8CVSS8.2AI score0.03173EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/04/24 12:0 a.m.26 views

Scientific Linux Security Update : patch on SL6.x i386/x86_64 (20180423)

Patch should be installed because it is a common way of upgrading applications. Security Fixes : - patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...

7.8CVSS7.6AI score0.0556EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/07/12 12:0 a.m.74 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170711)

Security Fixes : - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters...

7.5CVSS6.4AI score0.13252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/11/22 12:0 a.m.20 views

Scientific Linux Security Update : policycoreutils on SL6.x, SL7.x i386/x86_64

Security Fixes : - It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox...

8.8CVSS0.1AI score0.00382EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/02/17 12:0 a.m.26 views

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160216)

Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 After...

9.3CVSS8AI score0.0831EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2016/01/11 12:0 a.m.249 views

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

5.9CVSS7.3AI score0.0288EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.41 views

Scientific Linux Security Update : sqlite on SL6.x i386/x86_64 (20150817)

It was found that SQLite's sqlite3VXPrintf function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. CVE-2015-3416...

7.5CVSS7AI score0.05531EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/04/22 12:0 a.m.26 views

Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150421)

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM- allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. CVE-2014-8106 This update also fixes the following bug : -...

4.6CVSS7.2AI score0.00603EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.54 views

Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20141209)

It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and...

7.6CVSS7.3AI score0.07669EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/01/10 12:0 a.m.66 views

Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140108)

A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. CVE-2013-6449 It was discovered that the Datagr...

5.8CVSS6.9AI score0.21174EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/12/04 12:0 a.m.30 views

Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)

A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. CVE-2013-4482 A flaw was found in the way luci...

6.2CVSS5.7AI score0.00378EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/31 12:0 a.m.33 views

Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20130730)

A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. CVE-2013-4854 After installing the update, the BIND daemon named will be restarted...

7.8CVSS6.4AI score0.3415EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/01/17 12:0 a.m.29 views

Scientific Linux Security Update : conga on SL5.x i386/x86_64 (20130108)

It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials. CVE-2012-3359 This...

3.7CVSS5.5AI score0.0034EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/11/15 12:0 a.m.33 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121113)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that a previous update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged use...

7.1CVSS7.5AI score0.03431EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.37 views

Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64

An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. CVE-2008-4226 A denial of service...

10CVSS8.6AI score0.04051EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.13 views

Scientific Linux Security Update : selinux-policy on SL6.x i386/x86_64 (20120709)

This update adds the following enhancements : - When the system produces a new SELinux denial, the setroubleshootd daemon executes the rpm tool to check information about the relevant packages. Previously, setroubleshootd was unable to execute the rpm tool, and AVC denials were logged in the...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.57 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120209)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Using the SGIO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged...

7.8CVSS6.6AI score0.20492EPSS
Exploits11References6
Rows per page
Query Builder