Amazon Linux AMI : squid (ALAS-2019-1176)
A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine. CVE-2018-19132 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...
Amazon Linux 2 : libXcursor (ALAS-2019-1173)
XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. CVE-2015-9262 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Photon OS 2.0: Linux PHSA-2018-2.0-0043
An update of the linux package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0043. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Openjre PHSA-2016-0015
An update of the openjre package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2016-0015. The text itself is copyright (C) VMware, Inc. ...
Photon OS 2.0: Systemd PHSA-2018-2.0-0076
An update of the systemd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0076. The text itself is copyright (C) VMware, Inc. ...
Photon OS 2.0: Binutils PHSA-2018-2.0-0064
An update of the binutils package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0064. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Linux PHSA-2017-0042
An update of the linux package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0042. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Xerces PHSA-2018-1.0-0126
An update of the xerces package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text itself is copyright (C) VMware, Inc. ...
Photon OS 2.0: Freetype2 PHSA-2018-2.0-0058
An update of the freetype2 package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0058. The text itself is copyright (C) VMware, Inc. ...
Fedora 29 : openssh (2019-f6ff819834)
This update fixes CVE-2018-20685 the first 'variant' and backports several fixes to unbreak ECDSA authentication from PKCS11, certificate authentication and so on. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...
Security Updates for Microsoft Office Web Apps (January 2019)
The Microsoft Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who...
Amazon Linux 2 : wget (ALAS-2018-1121)
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains. CVE-2018-0494 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2...
Security Updates for Microsoft Team Foundation Server (November 2018)
The Microsoft Team Foundation Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication betwee...
Slackware 14.2 / current : ghostscript (SSA:2018-256-01)
New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-256-01. The text itself is copyright (C) Slackware Linux, Inc...
Amazon Linux 2 : ncurses (ALAS-2018-1053)
A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it. CVE-2018-10754 (C) Tenable Network Security, Inc. The descriptive text...
RHEL 7 : libvirt (RHSA-2018:1997)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1997 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that lets you easily scan any web application and find its vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...
Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)
It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user's files being inadvertently exposed to other local users. CVE-2017-15131 (C) Tenable Network Security, Inc. The descriptive text and package checks i...
MacOS 10.13 root Authentication Bypass (Security Update 2017-001)
The remote host is running a version of MacOS 10.13 or 10.13.1 that is missing a security update. It is, therefore, affected by a root authentication bypass vulnerability. A local attacker or a remote attacker with credentials for a standard user account has the ability to blank out the root...
Oracle Linux 6 : openssh (ELSA-2017-2563)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2563 advisory. 5.3p1-123 - Fix for CVE-2016-6210: User enumeration via covert timing channel 1357442 Tenable has extracted the preceding description block directly from the...