Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : openssl (SSA:2009-320-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-320-01. The text...

Mandriva Linux Security Advisory : python (MDVSA-2008:163)

Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows CVE-2008-1679. This was due to an incomplete fix for...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5680)

This patch backports security fixes found in MozillaThunderbird 2.0.0.17 back to the 1.5 Thunderbird used in openSUSE 10.2. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5644)

This update brings MozillaFirefox to version 2.0.0.17 to fix bugs and security issues : - XBM image uninitialized memory reading. MFSA 2008-45 / CVE-2008-4069 - resource: traversal vulnerabilities. MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068 - BOM characters stripped from JavaScript before...

Debian DSA-1617-1 : refpolicy - incompatible policy

In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447 . The fix, while correct, was incompatibl...

FreeBSD : php -- multiple vulnerabilities (71d903fc-602d-11dc-898c-001921ab2fa4)

The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.4 : - Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson - Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson - Fixed size calculation in chunksplit Reporte...

MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)

The remote host is vulnerable to heap overflow in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges. In addition to this, the remote host is also affected by an information disclosure vulnerability in SMB that may allow an attack...

Sophos Anti-Virus Detection and Status

Sophos Anti-Virus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of date. C Tenable Network Security, Inc...

Security Updates for Microsoft SQL Server ODBC Driver (June 2023)

The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for...

SUSE SLES15 Security Update : libcontainers-common (SUSE-SU-2022:3312-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3312-1 advisory. libcontainers-common was updated: - common component was updated to 0.44.0. - storage component was updated to 1.36.0. - image...

KB5012592: Windows 11 Security Update (April 2022)

The remote Windows host is missing security update 5012592. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. CVE-2022-26831 CVE-2022-26915,...

AlmaLinux 8 : binutils (ALSA-2021:4595)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4595 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

Mozilla Firefox ESR < 91.5

The version of Firefox ESR installed on the remote Windows host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-02 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith,...

Apache Log4j Installed (Linux / Unix)

Binary data apachelog4jnixinstalled.nbin...

Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)

Binary data apachelog4jjdnildapgeneric.nbin...

KB5006729: Windows 8.1 and Windows Server 2012 R2 Security Update (October 2021)

The remote Windows host is missing security update 5006729. It is, therefore, affected by multiple vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself i...

Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4894-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4894-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a maliciou...

RHEL 6 : microcode_ctl (RHSA-2020:2707)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2707 advisory. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543 hw: L1D Cache Eviction Sampling CVE-2020-0549 hw: Vector...

Oracle WebLogic Server RCE (CVE-2020-14882)

Binary data oracleweblogicserverCVE-2020-14882.nbin...

CentOS 7 : libxml2 (RHSA-2020:1190)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory. - The xzdecomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a...

Oracle Linux 6 : kernel (ELSA-2019-3836)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3836 advisory. - documentation Documentation: Add ITLBMULTIHIT documentation Paolo Bonzini 1692385 CVE-2018-12207 - kvm KVM: introduce nohugepages module parameter...

Fedora 30 : kernel / kernel-headers / kernel-tools (2019-7aecfe1c4b)

The 5.2.5 stable kernel update contains a number of important fixes across the tree. This should also fix the black screen issue that several i915 users were hitting with 5.2.4. ---- The 5.2.4 kernel rebase contains new features and hardware support, and a number of important fixes across the tre...

FreeBSD : curl -- multiple vulnerabilities (dd343a2b-7ee7-11e9-a290-8ddc52868fa9)

curl security problems : CVE-2019-5435: Integer overflows in curlurlset libcurl contains two integer overflows in the curlurlset function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require...

EulerOS Virtualization 3.0.1.0 : libxml2 (EulerOS-SA-2019-1559)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs...

Amazon Linux AMI : kernel (ALAS-2019-1205) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12126 - Microarchitectural Fill Buffer Data Sampling MFBDS CVE-2018-12130 - Microarchitectural Load Port Data Sampling MLPDS CVE-2018-12127 - Microarchitectural Data Sampling Uncacheable Memory MDSUM CVE-2019-11091 MSBDS leaks Store...

openSUSE Security Update : ImageMagick (openSUSE-2019-758)

This update for ImageMagick fixes the following security issues : - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS bsc1106989 - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858. -...

Fedora 29 : kernel / kernel-headers / kernel-tools (2019-b0f7a7b74b)

The v4.19.14 stable update contains important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

KB4467106: Windows 7 and Windows Server 2008 R2 November 2018 Security Update

The remote Windows host is missing security update 4467106 or cumulative update 4467107. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability...

Debian DLA-954-1 : openjdk-7 security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography. For Debian 7 'Wheezy', these problems have been fixed in version...

RHEL 7 : kernel (RHSA-2017:1125)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1125 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A race condition flaw was found in the NHLDC...

PHP 5.6.x < 5.6.25 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.25. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the objectcommon2 function in varunserializer.c that occurs when handling objects during deserialization...

Amazon Linux AMI : kernel (ALAS-2016-703)

The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service guest OS crash by attempting to access a hugetlbfs mapped area. CVE-2016-3961 / XSA-174 A flaw was found in the way the Linux kernel's ASN.1 DER decod...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2688-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2688-1 advisory. Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs non-maskable interrupts. An unprivileged local user could exploit this fl...

AIX 7.1 TL 3 : nettcp (IV73975) (POODLE)

A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 2...

Scientific Linux Security Update : samba on SL7.x x86_64 (20150223)

An uninitialized pointer use flaw was found in the Samba daemon smbd. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd by default, the root user...

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(5187) (POODLE)

The remote host has a version of Cisco AnyConnect prior to 3.15187. It is, therefore, affected by an information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block...

Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3043 advisory. - fix autofs/afs/etc. magic mountpoint breakage Al Viro Orabug: 19028505 CVE-2014-0203 - SELinux: Fix kernel BUG on empty security contexts. Stephe...

CentOS 5 : java-1.7.0-openjdk (CESA-2014:0027)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

RHEL 6 : libjpeg-turbo (RHSA-2013:1803)

Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

ProFTPD TELNET IAC Escape Sequence Remote Buffer Overflow

The remote ProFTP daemon is susceptible to an overflow condition. The TELNETIAC escape sequence handling fails to properly sanitize user- supplied input resulting in a stack overflow. With a specially crafted request, an unauthenticated, remote attacker could potentially execute arbitrary code. C...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-167)

An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. CVE-2013-0809 It was...

MS KB2862973: Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program

The remote host is missing Microsoft KB2862973, an update that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of some spoofing, phishing, and...

Firefox < 15.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 15.0 and thus, is potentially affected by the following security issues : - An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. CVE-2012-1956 - Unspecified memory safety issues...

Fedora 14 : ecryptfs-utils-90-1.fc14 (2011-10718)

privilege escalation via mountpoint race conditions CVE-2011-1831, CVE-2011-1832 - race condition when checking source during mount CVE-2011-1833 - mtab corruption via improper handling CVE-2011-1834 - key poisoning via insecure temp directory handling CVE-2011-1835 - information disclosure via...

RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2011:0938)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0938 advisory. - Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 Sound CVE-2011-0802, CVE-2011-0814 - OpenJDK: integer overflows in...

Mandriva Linux Security Advisory : firefox (MDVSA-2011:041)

Cross-site request forgery CSRF vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a...

SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 3694)

Mozilla XULRunner 1.9.1 was updated to update 1.9.1.16 fixing several security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...

SuSE 11 / 11.1 Security Update : libpng (SAT Patch Numbers 3045 / 3046)

Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. CVE-2010-1205 / CVE-2010-2249 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuS...

Firefox 3.6 < 3.6.12 Buffer Overflow

The installed version of Firefox 3.6 is earlier than 3.6.12. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function 'document.write' exposes an error that can lead to a heap-based buffer...

openSUSE Security Update : firefox35upgrade (firefox35upgrade-2262)

This patch updates Mozilla Firefox from the 3.0 stable branch to the 3.5.9 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes...