FreeBSD : chromium -- multiple vulnerabilities (7d138476-7710-11e7-88a1-e8e0b747a45a)

Google Chrome releases reports : 40 security fixes in this release Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques...

Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3203468)

This host is missing an important security update according to Microsoft KB3203468 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2016-9972

IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208...

F5 Networks BIG-IP : NTP vulnerabilities (K00329831)

CVE-2015-8139 ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. CVE-2015-8140 The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. C Tenable Network...

Citrix XenServer Multiple Vulnerabilities (CTX220112)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM vulnerability exists in the NTP component due to an improperly implemented threshold limitation for the '-g' option. A...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0179)

The remote OracleVM system is missing necessary patches to address critical security updates : - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug: 25298601 CVE-2016-7117 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were...

AIX 7.1 TL 4 : pconsole (IV89737)

https://vulners.com/cve/CVE-2016-0266 https://vulners.com/cve/CVE-2016-0266 IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. %NASLMINLEVEL 70300 C...

AIX 6.1 TL 9 : mustendd (IV80569)

https://vulners.com/cve/CVE-2016-0281 IBM AIX Adapter FC5899 / FC1763 with 'jumboframes' disabled could allow a remote attacker to send specially crafted packets that would crash the adapter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extracted from AIX...

Fedora 23 : kernel-4.4.7-300.fc23 (2016-8e858f96b8)

The 4.4.7 update contains a number of important fixes across the kernel tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Apple iOS < 8.3 Multiple Vulnerabilities

Binary data 8803.prm...

SuSE 11.3 Security Update : KVM (SAT Patch Number 10672)

KVM was updated to fix a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. CVE-2015-3456 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Apple iOS < 8.1.4 Multiple Vulnerabilities

Binary data 8673.prm...

Fedora 22 : compat-libuv010-0.10.34-1.fc22 (2015-2563)

It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

Oracle OpenSSO SAML Multiple Vulnerabilities (January 2015 CPU)

The remote Oracle OpenSSO component in the Oracle Fusion Middleware install is missing a vendor-supplied security update. It is, therefore, affected by multiple unspecified vulnerabilities in the SAML subcomponent. Note that these vulnerabilities are unspecified by Oracle but appear to be...

Jeecg Rapid Development Platform Arbitrary File Upload Vulnerability

JEECG J2EE Code Generation is a code generator based on the free open source rapid development platform . Use JEECG can be simple and rapid development of enterprise-class Web applications . jeecg rapid development platform arbitrary file upload vulnerability , due to Jeecg rapid development...

Amazon Linux AMI : php-ZendFramework (ALAS-2014-460)

The 1 ZendLdap class in Zend before 1.12.9 and 2 Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. CVE-2014-8088 The 1.12.9, 2.2.8, and 2.3.3 releas...

Fedora 21 : xorg-x11-server-1.16.2.901-1.fc21 (2014-16623)

upstream security release. 1.16.2.901 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 21 : java-1.8.0-openjdk-1.8.0.25-0.b18.fc21 (2014-12935)

Updated to security u25. Security bugs are same as for http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-f or-openjdk-7-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...

Microsoft Office Word Remote Code Execution Vulnerability (3000434) - Mac OS X

This host is missing an important security update according to Microsoft Bulletin MS14-061. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Amazon Linux AMI : nss-softokn (ALAS-2014-423)

A flaw was found in the way NSS parsed ASN.1 Abstract Syntax Notation One input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. C Tenable Network Security, Inc. The descriptive tex...