CBL Mariner 2.0 Security Update: kernel (CVE-2024-44985)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44985 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If...
AlmaLinux 9 : ruby:3.1 (ALSA-2024:3668)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...
SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1893-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1893-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806 Tenable ha...
RHEL 5 : transfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...
F5 Networks BIG-IP : Apache HTTPD vulnerability (K000139764)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / 17.5.0. It is, therefore, affected by a vulnerability as referenced in the K000139764 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators t...
RHEL 6 : nodejs-handlebars (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true opti...
RHEL 5 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: command injection via crafted configuration file CVE-2020-1931 - A denial of service...
Fedora 38 : webkitgtk (2024-f1ae7b7ac5)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f1ae7b7ac5 advisory. Upgrade to 2.44.0: Make the DOM accessibility tree reachable from UI process with GTK4. Removed the X11 and WPE renderers in favor of DMA-BUF...
Fedora 38 : chromium (2024-01f4c93547)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-01f4c93547 advisory. Update to 123.0.6312.58 High CVE-2024-2625: Object lifecycle issue in V8 Medium CVE-2024-2626: Out of bounds read in Swiftshader Medium CVE-2024-262...
CentOS 9 : libxml2-2.9.12-4.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libxml2-2.9.12-4.el9 build changelog. - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2019-20388 - GNOME project libxml2...
SUSE SLES15 / openSUSE 15 Security Update : dpdk (SUSE-SU-2024:0529-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0529-1 advisory. - A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service...
Debian dla-3727 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3727 advisory. - Debian LTS Advisory DLA-3727-1...
Zyxel USG / ATP < 5.37 Buffer Overflow
Firmware version of the Zyxel USG or ATP device is less than 5.37. This means the Zyxel device is vulnerable to the following buffer overflow vulnerability: - A buffer overflow vulnerability could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS)...
Rocky Linux 8 : nodejs:14 (RLSA-2021:0744)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0744 advisory. - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an...
Rocky Linux 8 : cyrus-sasl (RLSA-2020:4497)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:4497 advisory. - cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The...
F5 Networks BIG-IP : IPsec IKEv1 vulnerability (K42378447)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K42378447 advisory. - The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair...
Security Update for Microsoft .NET 7 Core (October 2023)
The version of Microsoft .NET 7 Core installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023Oct10 advisory. - A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with...
openSUSE 15 Security Update : opera (openSUSE-SU-2023:0297-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0297-1 advisory. - Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2023-273-02)
The version of mozilla-thunderbird installed on the remote host is prior to 115.3.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-273-02 advisory. - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2023-004)
The version of postgresql installed on the remote host is prior to 13.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL13-2023-004 advisory. IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or...