136 matches found
RHEL 8 : go-toolset:rhel8 (RHSA-2019:3433)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3433 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: malformed hosts in...
Fedora 31 : nbdkit (2019-a75665981b)
New upstream version 1.14.1. Fixes Denial of Service / Amplication Attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...
Fedora 29 : 1:openssl (2019-d51641f152)
Minor update release 1.1.1d with low impact security fixes. ---- Fix for TLS non-compliance causing server interoperability problems with golang TLS client. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Amazon Linux 2 : kernel (ALAS-2019-1253)
There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure. CVE-2019-1125 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Fedora 29 : evince (2019-ff2b5b5b47)
Security fix for CVE-2019-11459. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora 29 : buildbot (2019-2ea119f414)
Update to 1.8.2 to fix CVE-2019-12300. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
RHEL 7 : ovmf (RHSA-2019:0809)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0809 advisory. OVMF Open Virtual Machine Firmware is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for...
KB4493478: Security update for Adobe Flash Player (April 2019)
The remote Windows host is missing security update KB4493478. It is, therefore, affected by multiple vulnerabilities: - A use-after-free vulnerability exists in Adobe Flash. An unauthenticated, remote attacker could exploit this to execute arbitrary code. CVE-2019-7096 - An information disclosure...
Fedora 29 : wget (2019-7a0497cbc2)
update to 1.20.3 - fixed CVE-2019-5953 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Amazon Linux AMI : squid (ALAS-2019-1176)
A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine. CVE-2018-19132 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...
Amazon Linux 2 : libXcursor (ALAS-2019-1173)
XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.CVE-2015-9262 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Amazon Linux 2 : wget (ALAS-2018-1121)
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.CVE-2018-0494 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2...
Slackware 14.2 / current : ghostscript (SSA:2018-256-01)
New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-256-01. The text itself is copyright C Slackware Linux, Inc...
Amazon Linux 2 : ncurses (ALAS-2018-1053)
A NULL pointer dereference was found in the way the ncparseentry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.CVE-2018-10754 C Tenable Network Security, Inc. The descriptive text...
RHEL 7 : libvirt (RHSA-2018:1997)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1997 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...
Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)
It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user's files being inadvertently exposed to other local users.CVE-2017-15131 C Tenable Network Security, Inc. The descriptive text and package checks i...
MacOS 10.13 root Authentication Bypass (Security Update 2017-001)
The remote host is running a version of MacOS 10.13 or 10.13.1 that is missing a security update. It is, therefore, affected by a root authentication bypass vulnerability. A local attacker or a remote attacker with credentials for a standard user account has the ability to blank out the root...
Oracle Linux 6 : openssh (ELSA-2017-2563)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2563 advisory. 5.3p1-123 - Fix for CVE-2016-6210: User enumeration via covert timing channel 1357442 Tenable has extracted the preceding description block directly from the...
Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3203468)
This host is missing an important security update according to Microsoft KB3203468 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Fedora 23 : kernel-4.4.7-300.fc23 (2016-8e858f96b8)
The 4.4.7 update contains a number of important fixes across the kernel tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...