RHEL 7 : libxrandr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXrandr: Insufficient validation of server responses result in various data mishandlings CVE-2016-7948 ...

RHEL 6 : spice-gtk (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spice-gtk: Integer overflows causing buffer overflows in spice-client CVE-2017-12194 - The spice-gtk widg...

RHEL 7 : libksba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libksba: Out-of-bounds read in ksbaberparsetl CVE-2016-4579 - ber-decoder.c in Libksba before 1.3.3 does...

GLSA-202405-11 : MIT krb5: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-11 MIT krb5: Multiple Vulnerabilities - ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer...

Fedora 40 : firefox (2024-cd3a64f43b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cd3a64f43b advisory. - Updated to 124.0 ---- - Updated to latest upstream 123.0.1 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 40 : thunderbird (2024-fc2ae12c31)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fc2ae12c31 advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...

RHEL 5 : java-1.4.2-ibm-sap (RHSA-2011:1265)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1265 advisory. - IBM JDK Class file parsing denial-of-service CVE-2011-0311 - Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 Sound CVE-2011-0802...

CentOS 7 : thunderbird (RHSA-2024:1935)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1935 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6750-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6750-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsin...

AlmaLinux 9 : firefox (ALSA-2024:1908)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1908 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

Mozilla Thunderbird < 115.10

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-20 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only...

Mozilla Thunderbird < 115.10

The version of Thunderbird installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-20 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...

Debian dla-3790 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3790-1 [email protected]...

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2024-0015)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by multiple vulnerabilities: - Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by...

Oracle Linux 7 : firefox (ELSA-2024-1910)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1910 advisory. 115.10.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add...

Fedora 39 : firefox (2024-121f5cec9f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-121f5cec9f advisory. - New upstream release 125.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

CVE-2024-3859

On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

Security Vulnerabilities fixed in Firefox 125 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...

Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...

CentOS 8 : thunderbird (CESA-2024:1494)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:1494 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...