337440 matches found
VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities
a. Information Disclosure vulnerability in OpenSSL third-party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issue...
Juniper Junos XNM Command Remote DoS (JSA10607)
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability related to the XNM command processor. A remote attacker can exploit this to cause a denial of service by sending a specially crafted XNM command. Note that this issue on...
SSL Null Cipher Suites Supported
The remote host supports the use of SSL ciphers that offer no encryption at all. Note: This is considerably easier to exploit if the attacker is on the same physical network. (C) Tenable Network Security, Inc. ...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)
Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. (CVE-2012-1182) Note that Tenable Network Security has extracted the...
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution (958644) (ECLIPSEDWING)
The remote Windows host is affected by a remote code execution vulnerability in the 'Server' service due to improper handling of RPC requests. An unauthenticated, remote attacker can exploit this, via a specially crafted RPC request, to execute arbitrary code with 'System' privileges. ECLIPSEDWIN...
SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2022:2321-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2321-1 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...
Tenable Log Correlation Engine (LCE) < 6.0.9 (TNS-2021-10)
The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 6.0.9. It is, therefore, affected by multiple vulnerabilities: - Multiple denial of service vulnerabilities in the included OpenSSL component. CVE-2019-1551, CVE-2020-1967, CVE-2020-1971, CVE-2021-3449,...
MariaDB 10.4.0 < 10.4.19 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.4.19. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.4.19 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.3...
Oracle Reports Servlet Parsequery Function Remote Database Credentials Exposure
Nessus was able to exploit a flaw in the Oracle Reports servlet parsequery function, and was able to retrieve the plaintext database credentials for one or more users. A remote attacker can exploit this vulnerability to gain unauthorized database access. (C) Tenable Network...
Atlassian JIRA ConfigureReport.jspa 'reportKey' Information Disclosure
The Atlassian JIRA installation hosted on the remote web server is affected by an information disclosure vulnerability, which an unauthenticated attacker can exploit, by setting the 'reportKey' parameter in ConfigureReport.jspa to an invalid value, to gain access to sensitive information, such as...
Oracle HTTP Server (April 2024 CPU)
The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Plugins BSAFE Crypto-J. Supported versions that are affected are...
OpenSSL 1.0.2 < 1.0.2zj Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2zj. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zj advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service...
WordPress 5.4.x < 5.4.13 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wp_lang. (CVE-2023-2745) - A Cross-Site Request Forgery (CSRF) via wp_ajax_set_attachment_thumbnail. - An authenticated stored Cross-Site Scripting (XSS) vi...
SUSE SLES12 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:3342-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3342-1 advisory. - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the...
Amazon Linux AMI : kernel (ALAS-2021-1503)
The version of kernel installed on the remote host is prior to 4.14.232-123.381. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1503 advisory. kernel: refcount leak in llcp_sock_bind() (CVE-2020-25670) kernel: refcount leak in llcp_sock_connect() (CVE-2020-25671) kernel...
ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check) (POODLE)
The remote VMware ESXi host is version 5.5 prior to build 2352327. It is, therefore, affected by the following vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks...
Solaris 10 (sparc) : 126546-10 (deprecated)
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Bash. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful...
Zyxel Command Injection (CVE-2023-28771) (Direct Check)
Binary data zyxelCVE-2023-28771direct.nbin...
Amazon Linux 2 : openssl11 (ALAS-2022-1815)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1815 advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by...
Oracle Linux 7 : qemu (ELSA-2021-9425)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9425 advisory. - pvrdma: Fix the ring init error flow CVE-2021-3608 Marcel Apfelbaum Orabug: 33120142 CVE-2021-3608 - pvrdma: Ensure correct input on ring init...
Security Update for Forefront Endpoint Protection (June 2021)
The Malware Protection Engine version of Forefront Endpoint Protection installed on the remote Windows host is equal or prior to 1.1.17800.5. It is, therefore, affected by multiple vulnerabilities. - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and...
Scientific Linux Security Update : thunderbird on SL7.x i686/x86_64 (2020:5235)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5235-1 advisory. - Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code CVE-2020-26951 - Mozilla: Memory safety bugs...
McAfee VirusScan Enterprise < 8.8 Patch 15 Multiple Vulnerabilities (SB10302)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.8 Patch 15. It is, therefore, affected by multiple vulnerabilities: - Privilege Escalation vulnerability in Microsoft Windows client McTray.exe in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14...
Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)
New kernel packages are available for Slackware 14.2 to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-226-01. The text itself is copyright (C) Slackware Linux, Inc. ...
Drupal 7.x < 7.56 / 8.x < 8.3.4 Multiple Vulnerabilities (SA-CORE-2017-003)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.56 or 8.x prior to 8.3.4. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the PECL YAML parser due to unsafe handling of PHP objects during certain...
openSUSE Security Update : apache2 (openSUSE-2017-417)
This update for apache2 provides the following fixes : Security issues fixed : - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS...
RealVNC VNC Viewer < 4.1.3/4.4.3 Arbitrary Command Execution
The version of RealVNC's VNC Viewer installed on the remote Windows host is affected by multiple issues : - An error in the 'CMsgReader::readRect' function in 'common/rfb/CMsgReader.cxx' that comes into play when processing encoding types, may allow arbitrary code execution on the remote system. ...
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2075)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. (CVE-2022-24958) - A flaw was foun...
Amazon Linux 2 : nspr, nss-softokn, nss-util, nss (ALAS-2020-1559)
The version of nspr installed on the remote host is prior to 4.25.0-2. The version of nss installed on the remote host is prior to 3.53.1-3. The version of nss-softokn installed on the remote host is prior to 3.53.1-6. The version of nss-util installed on the remote host is prior to 3.53.1-1. It...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 (RHSA-2019:4020)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4020 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
PHP 5.6.x < 5.6.26 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.26. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input...
rsh Unauthenticated Access (via finger Information)
Using common usernames as well as the usernames reported by 'finger', Nessus was able to log in through rsh. Either the accounts are not protected by passwords or the ~/.rhosts files are not configured properly. This vulnerability is confirmed to exist in Cisco Prime LAN Management Solution, but...
Oracle MySQL Server (Jul 2022 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 5.7.38 and...
Apache Log4j < 2.15.0 Remote Code Execution (Windows)
The version of Apache Log4j on the remote host is 2.x < 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JNDI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Log4j...
Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391) (remote check)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: - Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80,...
Citrix XenServer Information Disclosure Vulnerability (CTX235225)
The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by an information disclosure vulnerability. (C) Tenable Network Security, Inc. ...
KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update
The remote Windows host is missing security update 4103721. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...
Security Update for Microsoft Office Online Server and Office Web Apps (October 2017)
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
OpenSSL 1.0.2 < 1.0.2c Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2c. It is, therefore, affected by a vulnerability as referenced in the 1.0.2c advisory. - The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a deni...
PHP 5.4.x < 5.4.42 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validatio...
Ubuntu 14.10 : linux vulnerabilities (USN-2590-1)
Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the microcode loader for...
Samba 3.0.0 'SamrChangePassword' RCE
The version of Samba running on the remote host is affected by a remote code execution vulnerability due to improper validation of user-supplied input when passing RPC messages from external scripts to a shell. A remote, authenticated attacker can exploit this via the use of shell metacharacters...
Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-0196 Jiri Slaby discovered a race condition in the pty...
McAfee Web Gateway User Interface Default Credentials
The remote McAfee Web Gateway user interface uses a known set of default credentials. Knowing these, an attacker with access to service can gain administrative access to the device. (C) Tenable Network Security, Inc. ...
PCI DSS Compliance : Insecure Communication Has Been Detected
Applications that fail to adequately encrypt network traffic using strong cryptography are at increased risk of being compromised and exposing cardholder data. An attacker who is able to exploit weak cryptographic processes can gain control of an application or even gain cleartext access to...
Default Password (password) for 'admin' Account
The account 'admin' on the remote host has the password 'password'. An attacker may leverage this issue to gain access, likely as an administrator, to the affected system. (C) Tenable Network Security, Inc. ...
ping.asp CGI Arbitrary Command Execution
The 'ping.asp' CGI is installed. Some versions allow an attacker to launch a ping flood against the targeted machine or another by entering '127.0.0.1 -l 65000 -t' in the Address field. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Er...
Oracle Linux 8 : kvm_utils3 (ELSA-2023-12855)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12855 advisory. - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in...
Amazon Linux 2 : kernel (ALAS-2021-1712)
The version of kernel installed on the remote host is prior to 4.14.248-189.473. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1712 advisory. A flaw was found in the Linux kernel. A race condition was discovered in the ext4 subsystem. The highest threat from this...
KB4471322: Windows 8.1 and Windows Server 2012 R2 December 2018 Security Update
The remote Windows host is missing security update 4471322 or cumulative update 4471320. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific...