440 matches found
Oracle Identity Manager (Apr 2023 CPU)
The version of Oracle Identity Manager installed on the remote host is missing a security patch and is, therefore, affected by multiple vulnerabilities as referenced in the April 2023 Critical Patch Update (CPU) advisory. - Vulnerability in the jackson-databind component of Oracle Identity Manager...
SUSE SLES12 Security Update : php7 (SUSE-SU-2023:1847-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1847-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. ...
Fedora 36 : firefox (2023-50f9eb7aca)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-50f9eb7aca advisory. - New upstream update 112.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Adobe Substance 3D Stager Buffer Error Vulnerability
Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Stager in versions 2.0.1 and earlier. The vulnerability stems from a failure to perform security checksums on parameters in a user's context,...
CBL Mariner 2.0 Security Update: bind (CVE-2022-3080)
The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3080 advisory. - By sending specific queries to the resolver, an attacker can cause named to crash. CVE-2022-3080 Note that Ness...
SUSE SLES12 Security Update : dpdk (SUSE-SU-2023:1572-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1572-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. ...
RHEL 8 : nss (RHSA-2023:1369)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1369 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...
Amazon Linux 2 : nss (ALAS-2023-1992)
The version of nss installed on the remote host is prior to 3.79.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1992 advisory. firefox-esr, thunderbird and nss only are affected by this package. CVE-2023-0767 Tenable has extracted the preceding description blo...
CBL Mariner 2.0 Security Update: mariadb (CVE-2022-27449)
The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-27449 advisory. - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component...
Fedora 36 : tigervnc (2023-c41e8f24bb)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c41e8f24bb advisory. Tigervnc 1.13.1 update. CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation Tenable has...
Fedora 38 : stb (2023-815aa77986)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-815aa77986 advisory. Fix null pointer dereference in stbimage Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Scientific Linux Security Update : pesign on SL7.x x86_64 (2023:1093)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2023:1093-1 advisory. - pesign: Local privilege escalation on pesign systemd service CVE-2022-3560 Note that Nessus has not tested for this issue but has instead relied only on...
Fedora 36 : kernel (2023-457955ce13)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-457955ce13 advisory. The 6.1.12 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly from the...
SUSE CVE-2005-1158
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...
SUSE CVE-2008-1515
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."...
Vulnerable to clickjacking
Description: Vulnerable to clickjacking. Proof of Concept: 1. Create an iframe.html with below contents: The iframe element 2. Open with Firefox and note that the frame is loaded, which is potential to clickjacking due to missing x-frame-options security headers...
AIX (IJ42677)
The version of AIX installed on the remote host is prior to APAR IJ42677. It is, therefore, affected by a vulnerability as referenced in the IJ42677 advisory. - IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflo...
Oracle Linux 8 : expat (ELSA-2023-0103)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0103 advisory. - lib: Prevent integer overflow in doProlog (CVE-2022-23990) [Orabug: 33910314] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DT...
Mozilla Firefox Security Advisory (MFSA2021-33) - Mac OS X
This host is missing a security update for Mozilla Firefox. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Amazon Linux 2022 : jdom, jdom-demo, jdom-javadoc (ALAS2022-2022-168)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-168 advisory. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Tenable has extracted the preceding description block directly...