337660 matches found
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2022:1955-1)
The remote SUSE Linux SLES12 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1955-1 advisory. - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0040)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocatetracebuffer in the file...
openSUSE 15 Security Update : rpm (openSUSE-SU-2021:2682-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2682-1 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds...
KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 (CVE-2017-8529) (deprecated)
This plugin was depredated as it was referencing a CVE which wasn't properly fixed until September 2017. The replacement plugin addresses all Windows 10 / Server 2016 registry requirements for CVE-2017-8 deprecais plugin was depredated as it was referencing a CVE which wasn't properly fixed until...
LibreOffice < 6.2.5 Multiple Vulnerabilities (Windows)
The version of LibreOffice installed on the remote Windows host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities : - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of python scripts within a document. Note, LibreLogo must b...
Photon OS 1.0: Linux PHSA-2018-1.0-0132
An update of the linux package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0132. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121837...
Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components : - Concurrency. A difficult to exploit...
Amazon Linux 2 : kernel (ALAS-2018-1023)
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. CVE-2018-1108 A flaw was found in the way the Linux kernel handled exceptions delivered after a stac...
RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658)
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Tenable SecurityCenter PHP < 5.6.30 Multiple Vulnerabilities (TNS-2017-04)
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - A seg fault when loading hostile phar could be used to crash the PHP interpreter or potentially disclose...
AIX 7.1 TL 4 : ntp (IV87420) (deprecated)
NTPv3 and NTPv4 are vulnerable to : https://vulners.com/cve/CVE-2015-7974 NTP could allow a remote authenticated attacker to conduct spoofing attacks, caused by a missing key check. An attacker could exploit this vulnerability to impersonate a peer. NTP could allow a local attacker to bypass...
Samba 4.x < 4.2.14 / 4.3.x < 4.3.11 / 4.4.x < 4.4.5 SMB2/3 Client Connection Required Signing Downgrade
The version of Samba running on the remote host is 4.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. It is, therefore, affected by a flaw in libcli/smb/smbXclibase.c that is triggered when handling SMB2 and SMB3 client connections. A man-in-the-middle attacker can exploit this,...
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:1300-1)
This IBM Java 1.7.1 SR3 FP40 relese fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...
RHEL 7 : glibc (RHSA-2016:0176)
Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
OpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)
According to its self-reported version number, the version of OpenVPN installed on the remote host is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions that could allow an attacker to...
Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:183)
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java...
SeaMonkey 2.x < 2.10 Multiple Vulnerabilities
Binary data 6496.prm...
SuSE 11.1 Security Update : icu (SAT Patch Number 5653)
The following bugs have been fixed : - Specially crafted strings could cause a buffer overflow in icu. CVE-2011-4599 - An integer overflow in the getSymbol function could crash applications using icu CVE-2010-4409 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
HP Power Manager Default Credentials
The remote host is running HP Power Manager, a web-based user definable UPS management and monitoring utility. The installed version has a default password 'admin' set. An attacker may connect to it to reconfigure the application and control remote UPSs. %NASLMINLEVEL 70300 C Tenable Network...
Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse)
An information disclosure vulnerability exists in Windows Snip & Sketch Windows 10 and Snipping Tool Windows 11 where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file. Note that Nessus has not tested for this issue...
KB5025228: Windows 10 Version 1607 and Windows Server 2016 Security Update (April 2023)
The remote Windows host is missing security update 5025228. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2023-28275 - Windows Pragmatic General Multicast PGM Remote Code Execution Vulnerability...
Apache 2.4.49 < 2.4.51 Path Traversal
According to its banner, the version of Apache running on the remote host is 2.4.49 or 2.4.50. It is, therefore, affected by a path traversal vulnerability. The fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files...
openSUSE Security Update : java-11-openjdk (openSUSE-2020-1994)
"This update for java-11-openjdk fixes the following issues : - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling ...
NewStart CGSL MAIN 4.05 : openssl Vulnerability (NS-SA-2020-0019)
The remote NewStart CGSL host, running version MAIN 4.05, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...
RHEL 7 : kernel-alt (RHSA-2018:0654)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0654 advisory. The kernel-alt packages provide the Linux kernel version 4.x. The following packages have been upgraded to a later upstream version:...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0416-1) (Spectre)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of...
Oracle Java SE 7 < Update 77 Multiple Vulnerabilities
Binary data 8749.prm...
Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
The remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. CVE-2013-3919,...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2385-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2385-1 advisory. It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140115)
An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3176, CVE-2010-3180 A flaw was found in the way the Gophe...
Wireless Access Point Detection
Nessus has determined that the remote host is a wireless access point AP. Ensure that proper physical and logical controls are in place for its use. A misconfigured access point may allow an attacker to gain access to an internal network without being physically present on the premises. If the...
Apache mod_info /server-info Information Disclosure
A remote unauthenticated attacker can obtain an overview of the remote Apache web server's configuration by requesting the URL '/server-info'. This overview includes information such as installed modules, their configuration, and assorted run-time settings. C Tenable Network Security, Inc...
WordPress 5.4.x < 5.4.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...
KB5031354: Windows 11 version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
CentOS 8 : mariadb:10.5 (CESA-2022:1557)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:1557 advisory. - mysql: Server: DML unspecified vulnerability CPU Apr 2021 CVE-2021-2154, CVE-2021-2166 - mysql: InnoDB unspecified vulnerability CPU Jul 2021...
PHP 7.4.x < 7.4.24 Arbitrary File Write
The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...
KB4556843: Windows 7 and Windows Server 2008 R2 May 2020 Security Update
The remote Windows host is missing security update 4556843 or cumulative update 4556836. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited thi...
KB4550971: Windows Server 2012 April 2020 Security Update
The remote Windows host is missing security update 4550971 or cumulative update 4550917. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python-requests Vulnerability (NS-SA-2019-0230)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-requests packages installed that are affected by a vulnerability: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirec...
NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176)
The remote NewStart CGSL host, running version MAIN 4.06, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...
Wind River VxWorks Multiple Vulnerabilities (URGENT/11)
According to its self-reported version, the remote device is potentially affected by multiple Wind River VxWorks remote code execution and denial-of-service vulnerabilities in the IPnet TCP/IP stack. An unauthenticated, remote, attacker could leverage these vulnerabilities to gain full access to...
OpenSSL 1.1.1 < 1.1.1c Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1c. It is, therefore, affected by a vulnerability as referenced in the 1.1.1c advisory. - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...
KB4093110: Security update for Adobe Flash Player (April 2018)
The remote Windows host is missing security update KB4093110. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108962; scriptversion"1.8";...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3265-1 advisory. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause...
RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)
An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1324-1)
Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. CVE-2011-2203 A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. CVE-2011-4110. Note that...
HP Power Manager < 4.2.10
The installed version of HP Power Manager is less than 4.2.10, and as such has the following vulnerabilities : - Adequate bounds checking is not performed on the 'Login' parameter of the login page, which could lead to a buffer overflow. A remote, unauthenticated attacker could exploit this to...
SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)
The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : - The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute...
KB5036909: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (April 2024)
The remote Windows host is missing security update 5036909. It is, therefore, affected by multiple vulnerabilities - SmartScreen Prompt Security Feature Bypass Vulnerability CVE-2024-29988 - Secure Boot Security Feature Bypass Vulnerability CVE-2024-20669, CVE-2024-26168, CVE-2024-26171,...