337660 matches found
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5443-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5443-2 advisory. Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations...
RHEL 7 : java-1.8.0-openjdk (RHSA-2022:1487)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1487 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
KB5010351: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2022)
The remote Windows host is missing security update 5010351. It is, therefore, affected by multiple vulnerabilities...
RHEL 7 : binutils (RHSA-2021:4035)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4035 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX276688)
The remote Citrix ADC or Citrix NetScaler Gateway device is version 10.5.x prior to 10.5-70.18, 11.1.x prior to 11.1-64.14, 12.0.x prior to 12.0-63.21, 12.1.x prior to 12.1-57.18, 12.1-FIPS prior to 12.1-55.179 or 13.0.x prior to 13.0-58.30. It is, therefore, affected by multiple vulnerabilities:...
Apple iCloud 10.x < 10.9 Multiple Vulnerabilities
According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.9. It is, therefore, affected by multiple vulnerabilities: - An arbitrary code execution vulnerability exists within WebKit due to configuration issues. An attacker in privileged...
KB4528760: Windows 10 Version 1903 and Windows 10 Version 1909 January 2020 Security Update
The remote Windows host is missing security update 4528760. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files. An attacker who successfully exploited the vulnerability could execu...
Solaris 10 (x86) : 119060-73
X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/04/19 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
KB4512489: Windows 8.1 and Windows Server 2012 R2 August 2019 Security Update
The remote Windows host is missing security update 4512489 or cumulative update 4512488. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who...
EulerOS Virtualization 2.5.3 : glibc (EulerOS-SA-2019-1260)
According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an...
F5 Networks BIG-IP : Kernel vulnerability (K62442245)
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2087-1)
This update for the Linux Kernel 3.12.74-606493 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fr...
RHEL 7 : microcode_ctl (RHSA-2018:0035) (Spectre)
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service...
Virtuozzo 7 : java-1.7.0-openjdk / etc (VZLSA-2017-3392)
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
F5 Networks BIG-IP : Linux kernel vulnerability (K74413297)
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c...
Virtuozzo 7 : readykernel-patch (VZA-2017-077)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - The ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whethe...
RHEL 7 : kernel-rt (RHSA-2017:2585)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2585 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...
Firefox < 39.0 Multiple Vulnerabilities (Logjam)
The version of Firefox installed on the remote Windows host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for an ECDHE_ECDSA exchange, but the server does no...
RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)
Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...
Debian DSA-2923-1 : openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service...
Oracle Linux 5 : php (ELSA-2013-1814)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1814 advisory. 5.1.6-43 - drop unneeded patch 5.1.6-42 - add security fixes for CVE-2012-2688, CVE-2011-1398, CVE-2013-1643, CVE-2013-6420 Tenable has extracted the...
Debian DSA-2406-1 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. - CVE-2011-3670 Icedove does not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls throu...
Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)
Update to new upstream Firefox version 3.6.12, fixing multiple security issues detailed in the upstream advisories : - http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11 - http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12 Update als...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)
This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems : - When creating a file, open/creat allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, th...
SuSE9 Security Update : PHP4 (YOU Patch Number 12382)
Specially crafted strings could trigger a heap-based buffer overflow in the php mbstring extension. Attackers could potentially exploit that to execute arbitrary code. CVE-2008-5557...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5...
Debian DSA-1751-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0771 Martijn Wargers, Jesse Ruderman and Josh Soref...
openSUSE 10 Security Update : kernel (kernel-4503)
This kernel update fixes the following security problems : - CVE-2007-4571: An information disclosure vulnerability in the ALSA driver can be exploited by local users to read sensitive data from the kernel memory. - CVE-2007-4573: It was possible for a local user to become root by exploiting a bug...
Mandrake Linux Security Advisory : koffice (MDKSA-2006:008)
Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via...
Apache 2.4.x < 2.4.60 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities: - Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server...
RHEL 8 : nodejs:16 (RHSA-2022:6964)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6964 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5443-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5443-1 advisory. Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform...
RHEL 7 / 8 : Red Hat JBoss Web Server 5.6.2 Security Update (Important) (RHSA-2022:1519)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1519 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache...
EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2022-1088)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an...
RHEL 8 : thunderbird (RHSA-2022:0123)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0123 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.5.0. Security Fixes: Mozilla:...
openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2415-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2415-1 advisory. - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain...
openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2353-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2353-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')...
SUSE SLES12: kernel-livepatch-4_12_14-197_83-default / etc (SUSE-SU-2021:2332-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2332-1 advisory. This update for the Linux Kernel 4.12.14-12263 fixes several issues. The following security issues were fixed: - CVE-2021-0512: Fixed ...
OracleVM 3.4 : kernel-uek (OVMSA-2021-0005)
The remote OracleVM system is missing necessary patches to address security updates: - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of...
EulerOS 2.0 SP3 : curl (EulerOS-SA-2020-2061)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets...
Adobe Flash Player <= 32.0.0.371 (APSB20-30)
The version of Adobe Flash Player installed on the remote Windows host is equal to or prior to version 32.0.0.371. It is, therefore, affected by a use-after-free vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code within the...
Fedora 32 : python3 (2020-98e0f0f11b)
Python 3.8.3 This is the third maintenance release of Python 3.8. See the changelog for details. Contains the security fix for CVE-2020-8492. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Slackware 14.2 / current : mozilla-firefox (SSA:2020-094-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-094-01. The text itself is copyright (C) Slackware Linux,...
Mozilla Firefox ESR < 68.2
The version of Firefox ESR installed on the remote Windows host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-33 advisory. - Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christia...
KB4516115: Security update for Adobe Flash Player (September 2019)
The remote Windows host is missing security update KB4516115. It is, therefore, affected by multiple arbitrary code execution vulnerabilities in Adobe Flash Player...
Security Updates for Internet Explorer (January 2019)
The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4270)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4270 advisory. - scsi: sg: mitigate read/write abuse Jann Horn Orabug: 28824731 CVE-2017-13168 - infiniband: fix a possible use-after-free bug Cong Wang Orabug:...
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3732-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3732-2 advisory. USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE...
SSL Root Certification Authority Certificate Information
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain...