Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5569)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5569 advisory. - mwifiex: fix unbalanced locking in mwifiexprocesscountryie Brian Norris Orabug: 30781858 CVE-2019-14895 - mwifiex: fix possible heap overflow in...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerability and regression (USN-4185-3)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4185-3 advisory. USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 i915 missing Blitter Command Streamer...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1316)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 bsc1119105 CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)

Security Fixes : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause htt...

RHEL 6 : firefox (RHSA-2017:1104)

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Cisco IOS XE IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)

According to its self-reported version and configuration, the Cisco IOS XE software running on the remote device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 IKEv1 subsystem due to improper handling of IKEv1 security...

SUSE SLES12 Security Update : kernel (SUSE-SU-2016:1999-1)

This update for the Linux Kernel 3.12.60-5249 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The keyrejectandlink function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a...

Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3017-2)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)

The remote Cisco device is running a version of Cisco IOS XR software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library glibc due to improperly validated user-supplied input to the nsshostnamedigitsdots, gethostbyname, and gethostbyname2 functions. Th...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3086)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3086 advisory. - USB: whiteheat: Added bounds checking for bulk command response James Forshaw Orabug: 19849336 CVE-2014-3185 - HID: fix a couple of off-by-ones...

RHEL 6 : kernel-rt (RHSA-2013:0566)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0566 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A...

Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0325)

From Red Hat Security Advisory 2009:0325 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser...

RHEL 5 : kernel (RHSA-2010:0839)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0839 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A NUL...

KB5041578: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2024)

The remote Windows host is missing security update 5041578. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...

CentOS 7 : kernel (RHSA-2023:0399)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0399 advisory. - LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. CVE-2021-26401 - A flaw was found in the Linux kernel's driv...

AlmaLinux 8 : httpd:2.4 (ALSA-2022:7647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7647 advisory. httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible...

Ubuntu 16.04 ESM : OpenJDK 8 vulnerabilities (USN-5546-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5546-2 advisory. USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...

SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2022:1270-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1270-1 advisory. The SUSE Linux Enterprise 12 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1016: Fixed a vulnerability...

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0764-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0764-1 advisory. - Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially...

RHEL 8 : kernel (RHSA-2022:0820)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0820 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later...

CentOS 8 : binutils (CESA-2021:4595)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4595 advisory. - Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 Note that Nessus has not tested for thi...

Debian DLA-1599-1 : qemu security update

Several vulnerabilities were found in QEMU, a fast processor emulator : CVE-2016-2391 Zuozhi Fzz discovered that eoftimes in USB OHCI emulation support could be used to cause a denial of service, via a NULL pointer dereference. CVE-2016-2392 / CVE-2016-2538 Qinghao Tang found a NULL pointer...

Oracle Linux 6 : qemu-kvm (ELSA-2018-1660)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1660 advisory. - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch bz1574067 Tenable has extracted the preceding description block directly from the Oracle...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20180306)

Security Fixes : - Kernel: KVM: MMU potential stack buffer overrun during page walks CVE-2017-12188, Important - Kernel: KVM: debug exception via syscall emulation CVE-2017-7518, Moderate C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if...

ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check)

The version of the remote VMware ESXi 6.0 host is prior to build 5224529. It is, therefore, affected by multiple vulnerabilities in VMWare Tools and the bundled OpenSSL and Python packages, as well as a NULL pointer dereference vulnerability related to handling RPC requests that could allow an...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox regression (USN-3260-2)

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Multiple security issues were discovered in Firefox. If a user were tricked in to...

Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)

Security Fixes : - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By...

Amazon Linux AMI : tomcat6 (ALAS-2017-810)

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

F5 Networks BIG-IP : Oracle Java SE vulnerability (K73112451)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3427 C Tenable Network Security, Inc. The descriptive text and package...

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-723)

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-3606 , CVE-2016-3587 , CVE-2016-3598 , CVE-2016-3610 Multiple denial of service flaws were foun...

Debian DSA-3433-1 : samba - security update

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can...

RHEL 7 : file (RHSA-2015:2155)

Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-3064 advisory. - KVM: x86: SYSENTER emulation is broken Nadav Amit Orabug: 21502729 CVE-2015-0239 CVE-2015-0239 - fs: take imutex during preparebinprm for setugid...

OracleVM 2.2 : openssl (OVMSA-2014-0040) (POODLE)

The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SSL3 - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet...

HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)

The RPM installation of HP Version Control Agent VCA on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions...

Oracle Linux 5 : libxml / and / libxml2 (ELSA-2009-1206)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1206 advisory. - Fix a couple of crash CVE-2009-2414 and CVE-2009-2416 Tenable has extracted the preceding description block directly from the Oracle Linux security...

X Server Unauthenticated Access: Screenshot

Binary data xserverscreenshot.nbin...

Ubuntu 8.04 LTS : linux vulnerabilities (USN-1291-1)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. CVE-2011-4077 A flaw was found in the Journaling Block Device JBD. A local attacker able to mount ext3 or ext4 file...

openSUSE 10 Security Update : tomcat55 (tomcat55-6369)

This update of tomcat fixes several vulnerabilities : - CVE-2008-5515: RequestDispatcher usage can lead to information leakage - CVE-2009-0033: denial of service via AJP connection - CVE-2009-0580: some authentication classes allow user enumeration - CVE-2009-0781: XSS bug in example application...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5329)

Various MozillaThunderbird fixes were backported to the 10.2 version 1.5.0.x. + MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption rv:1.8.1.13 + MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code...

Default Password (informix) for 'informix' Account

The password for the account 'informix' on the remote host is 'informix'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "informix"; password = "informix";...

Hydra: MySQL

This plugin runs Hydra to find MySQL accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

BSD Based telnetd telrcv Function Remote Command Execution

The Telnet server does not return an expected number of replies when it receives a long sequence of 'Are You There' commands. This probably means it overflows one of its internal buffers and crashes. This could likely lead to arbitrary code execution. Test TESO in.telnetd buffer overflow Copyrigh...

Oracle Database Server (January 2024 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easi...

SUSE SLES12: kernel-default / kernel-default-base / kernel-default-devel / etc (SUSE-SU-2022:2721-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2721-1 advisory. The SUSE Linux Enterprise 12 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946:...

Oracle Linux 8 : microcode_ctl (ELSA-2022-9508)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9508 advisory. 4:20220207-1.0.4 - ensure UEK also rebuilds initramfs Orabug: 34280058 Tenable has extracted the preceding description block directly from the Oracle...

EulerOS 2.0 SP3 : expat (EulerOS-SA-2022-1716)

According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9037 advisory. - netfilter: add and use nfhookslowlist Florian Westphal Orabug: 32372530 CVE-2021-20177 - target: fix XCOPY NAA identifier lookup David Disseldorp...