339710 matches found
openSUSE Security Update : java-11-openjdk (openSUSE-2019-1916)
This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues : Security issues fixed : - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769:...
Linux Kernel Detection of MDS vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
According to the remote Linux kernel, this system is vulnerable to the following information disclosure vulnerabilities: - MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load store-to-load forwarding as an optimization. The forward can also happen to a faulti...
CentOS 7 : perl (CESA-2019:0109)
An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Apache Tomcat 7.0.23 < 7.0.91
The version of Tomcat installed on the remote host is prior to 7.0.91. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.91security-7 advisory. - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90...
RHEL 7 : kernel (RHSA-2018:1129)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1129 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: An industry-wide issue was found in th...
ONVIF Device Services
Nessus was able to map the enabled ONVIF services on the remote device by sending a GetCapabilities SOAP request. include"compat.inc"; if description scriptid103866; scriptversion"$Revision: 1.2 $"; scriptcvsdate"$Date: 2017/10/31 18:41:24 $"; scriptnameenglish:"ONVIF Device Services";...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170509)
Security Fixes : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 - It was found that the...
Microsoft DNS Server Inverse Query Buffer Over-Read
The Microsoft DNS server running on the remote host has inverse query functionality enabled. It is, therefore, affected by a buffer over-read error in the dns.exe!answerIQuery function due to a failure to correctly parse the Resource Record in an inverse query packet. An unauthenticated, remote...
Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)
According to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2109-1)
Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw...
MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
The versions of Office SharePoint Server, SharePoint Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple vulnerabilities : - A denial of service vulnerability exits that could cause the W3WP process to stop respondin...
Fedora 16 : libguestfs-1.14.8-1.fc16 (2011-17372)
Fixes Security: Mitigate possible privilege escalation via SGIO ioctl CVE-2011-4127, RHBZ757071. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
KB5034768: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2024)
The remote Windows host is missing security update 5034768. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361,...
Security Updates for Outlook C2R Elevation of Privilege (March 2023)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Security Updates for Exchange (October 2022)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2022-21979,CVE-2022-30134,...
Security Updates for Microsoft Visio Products C2R (September 2022)
The Microsoft Visio Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Remote code execution vulnerabilities. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-27963, CVE-2022-38010 Note...
Adobe Acrobat < 17.012.30249 / 20.005.30362 / 22.001.20169 Multiple Vulnerabilities (APSB22-32)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.012.30249, 20.005.30362, or 22.001.20169. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat Reader versions 22.001.20142 and earlier, 20.005.30334 and earlier and 17.012.30229 and...
Xen Speculative Side Channel Information Disclosure (XSA-320)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue. Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via loca...
CentOS 8 : nginx:1.14 (CESA-2019:2799)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2799 advisory. - HTTP/2: large amount of data requests leads to denial of service CVE-2019-9511 - HTTP/2: flood using PRIORITY frames results in excessive resource...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1606)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free i...
RHEL 8 : mysql:8.0 (RHSA-2019:2511)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2511 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
Amazon Linux 2 : systemd (ALAS-2019-1160)
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate...
F5 Networks BIG-IP : Side-channel processor vulnerabilities (K91229003)
The following three side-channel attacks were publicly disclosed on January 3, 2018 : CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosu...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1262)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1234)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function...
KB4343892: Windows 10 August 2018 Security Update (Foreshadow)
The remote Windows host is missing security update 4343892. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an...
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1196)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the Linux kernel's kernel/events/core.c:perfcputimemaxpercenthandler function. Local privileged users could exploit...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)
The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0035 for details. C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2018-0035...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-002)
The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - ATS - CFNetwork Session - CoreFoundation - CoreTypes - curl - Disk Images - iCloud Drive - Kernel - kext...
KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update
The remote Windows host is missing security update 4038782. It is, therefore, affected by multiple vulnerabilities : - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements...
Synology DiskStation Manager (DSM) Web Administration Interface Default Credentials
The web administration interface for the Synology DiskStation Manager DSM application running on the remote host uses a default blank password for the administrator account. A remote attacker can exploit this to gain administrative access to the web interface. C Tenable Network Security, Inc...
Debian DLA-579-1 : openjdk-7 security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure. For Debian 7 'Wheezy', these problems have been fixed in version 7u111-2.6.7-1deb7u1. We recommend that...
MS16-032: Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
The remote Windows host is affected by an elevation of privilege vulnerability in the Windows Secondary Logon Service due to improper management of request handles in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to elevate privileges, allowing t...
RHEL 7 : kernel (RHSA-2015:2552)
Updated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...
RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1230) (Bar Mitzvah) (Logjam)
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
RHEL 5 : openssl (RHSA-2014:1053)
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)
OpenSSL Reports : A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with...
Amazon Linux AMI : php (ALAS-2013-262)
The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service memory...
GLSA-201309-11 : Subversion: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201309-11 Subversion: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service...
RHEL 6 : thunderbird (RHSA-2012:1211)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1211 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious...
SuSE9 Security Update : Tomcat (YOU Patch Number 12585)
This update of tomcat5/6 fixes : - CVSS v2 Base Score: 5.8. CVE-2009-2693 - CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2902 - CVSS v2 Base Score: 4.3 When autoDeploy is...
Debian DSA-1996-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3939 Joseph Malicki reported that the dbglvl sysfs...
Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490)
Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration
It is possible to anonymously read the event logs of the remote Windows 2000 host by connecting to the \srvsvc pipe and binding to the event log service, OpenEventLog. An attacker may use this flaw to anonymously read the system logs of the remote host. As system logs typically include valuable...
Hydra: SMB
This plugin runs Hydra to find SMB accounts and passwords by brute force, using the smb2 module. To use this plugin, Hydra must be installed in the same machine as your scanner. To configure the a scan policy to use Hydra, go to 'Assessment Brute Force' and check the 'Always enable Hydra slow'...
OpenJDK 8 <= 8u362 / 11.0.0 <= 11.0.18 / 17.0.0 <= 17.0.6 / 20.0.0 <= 20.0.0 Multiple Vulnerabilities (2023-04-18
The version of OpenJDK installed on the remote host is prior to 8 = 8u362 / 11.0.0 = 11.0.18 / 17.0.0 = 17.0.6 / 20.0.0 = 20.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023-04-18 advisory. Please Note: Java CVEs do not always include OpenJDK versions, but are...
Fortra GoAnywhere Managed File Transfer (MFT) < 7.1.2 Pre-Authentication Command Injection (CVE-2023-0669)
According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is 7.1.2. It is, therefore, affected by a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary...
PHP 7.4.x < 7.4.10 Memory Leak Vulnerability
According to its self-reported version number, the version of PHP running on the remote web server is 7.4.x prior to 7.4.10. It is, therefore affected by a memory leak vulnerability in the LDAP component. An unauthenticated, remote attacker could exploit this issue to cause a denial-of-service...
Joomla 3.0.x < 3.9.12 Joomla 3.9.12 Release (5776-joomla-3-9-12)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.12. It is, therefore, affected by a vulnerability. - Inadequate escaping allowed XSS attacks using the logo parameter of the default templates. CVE-2019-16725 Note that Nessus ha...
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscal...