Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4270)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4270 advisory. - scsi: sg: mitigate read/write abuse Jann Horn Orabug: 28824731 CVE-2017-13168 - infiniband: fix a possible use-after-free bug Cong Wang Orabug:...

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3732-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3732-2 advisory. USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE...

Oracle Linux 7 : kernel (ELSA-2015-1534)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1534 advisory. - net ipv4: Missing sknullsnodeinit in pingunhash Denys Vlasenko 1218104 1218105 CVE-2015-3636 - net nfconntrack: reserve two bytes for nfctext-len...

RHEL 6 : kernel-rt (RHSA-2015:0694)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0694 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS...

Oracle Linux 4 : glibc (ELSA-2015-0101) (GHOST)

From Red Hat Security Advisory 2015:0101 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS...

Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. CVE-2011-0081 It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If...

Debian DSA-1578-1 : php4 - several vulnerabilities

Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3799 The sessionstart function allows remote attackers to insert arbitrary attributes int...

Debian DSA-1428-2 : linux-2.6 - several vulnerabilities

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : This is an update to DSA 1428-1 which omitted a reference...

openSUSE 15 Security Update : kernel (openSUSE-SU-2022:1037-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1037-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9215)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9215 advisory. - btrfs: fix race when cloning extent buffer during rewind of an old root Filipe Manana Orabug: 32669454 CVE-2021-28964 - xen-blkback: don't leak...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9024)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9024 advisory. 4.14.35-2025.404.1.2.el7 - Revert 'rds: Deregister all FRWR mr with freemr' aru kolappan Orabug: 32426280 Tenable has extracted the preceding descripti...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerability (USN-4683-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4683-1 advisory. Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to...

RHEL 7 : kernel (RHSA-2020:1465)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1465 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: rtlp2pnoaie in...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20190524)

This update upgrades Firefox to version 60.7.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 - Mozilla: Cross-origin theft of images with createImageBitmap CVE-2019-9797 - Mozilla: Type confusion with object groups and UnboxedObjects...

RHEL 7 : rhvm-appliance (RHSA-2019:1208)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1208 advisory. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is availab...

Oracle Linux 6 : firefox (ELSA-2019-0373)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-0373 advisory. 60.5.1-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.5.1-1 - Update to 60.5.1 ESR 60.5.0-...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3032-1)

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive a security fix. The following security bug was fixed : CVE-2018-17182: The vmacacheflushall function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free and possibly gain privileges via...

Amazon Linux AMI : kernel (ALAS-2018-1086)

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...

OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details. C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2018-0248...

openSUSE Security Update : openssl-1_1 (openSUSE-2018-777)

This update for openssl-11 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating ...

Kernel vulnerabilities detected in banner reporting (PCI-DSS check)

A service banner response from the remote host indicates a Linux kernel install at a level that may be vulnerable to one or more non-denial-of-service vulnerabilities. This plugin only runs when 'Check for PCI-DSS compliance' is enabled in the scan policy. It does not run if local security checks...

pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )

According to its self-reported version number, the remote pfSense install is a version prior to 2.1.5 It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108516; scriptversion"1.4";...

Fedora 26 : kernel (2017-ba6b6e71f7)

The 4.14.6 update contains various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)

This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTPPROXY environment variable based on user-supplied Proxy request header. bsc989523 - CVE-2016-0772: A...

MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)

The version of MySQL running on the remote host is 5.5.x prior to 5.5.53. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. CVE-2016-3492 - An...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-1076)

The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service memory...

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p6 Multiple Vulnerabilities

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p6. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the receive function due to the use of authenticated broadcast mode. A man-in-the-middle attacker can exploit this to conduct a replay attack...

FreeBSD : Several vulnerabilities found in PHP (1e232a0c-eb57-11e4-b595-4061861086c1)

The PHP project reports : The PHP development team announces the immediate availability of PHP 5.4.40. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version. The PHP...

RHEL 6 : kernel (RHSA-2015:0864)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

ManageEngine NetFlow Analyzer Default Credentials

The remote ManageEngine NetFlow Analyzer web administration interface uses a known set of default credentials. An attacker can use these to gain access to the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)

IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11...

Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0882)

From Red Hat Security Advisory 2008:0882 : Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security...

Oracle Linux 5 : Unbreakable enterprise kernel (ELSA-2010-2008)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-2008 advisory. - fs xfs: always use iget in bulkstat Dave Chinner CVE-2010-2943 - net net sched: fix some kernel memory leaks Eric Dumazet CVE-2010-2942 Tenable has...

Ubuntu 11.10 : linux vulnerabilities (USN-1472-1)

Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server attacker could exploit this flaw to cause a denial of service. CVE-2011-4131 A flaw was discovered in the Linux kernel's KVM kernel virtual machine. An administrative user in the guest OS could leverage...

SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7304)

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - A local attacker could use a Oops kernel crash caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lea...

OpenSSH < 4.9 'ForceCommand' Directive Bypass

According to its banner, the version of OpenSSH installed on the remote host is earlier than 4.9. It may allow a remote, authenticated user to bypass the 'sshdconfig' 'ForceCommand' directive by modifying the '.ssh/rc' session file. C Tenable, Inc. include"compat.inc"; if description scriptid4407...

MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)

The Microsoft MPEG Layer-3 MP3 codecs have a buffer overflow vulnerability that is triggered by opening a specially crafted AVI file with an MP3 audio stream. A remote attacker could exploit this by tricking a user into opening a malicious AVI file, which would lead to arbitrary code execution. C...

SuSE 11 Security Update : PHP5 (SAT Patch Number 1978)

This update of PHP5 fixes : - CVE-2008-5624: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P : Permissions, Privileges, and Access Control CWE-264 - CVE-2008-5625: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P : Permissions, Privileges, and Access Control CWE-264 - Cross-Site...

Firefox < 3.0.18 Multiple Vulnerabilities

The installed version of Firefox is earlier than 3.0.18. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. MFSA 2010-01 - The implementation of 'Web Workers' contained an error in its handling of array data types...

openSUSE 10 Security Update : libxml (libxml-6477)

This update of libxml does not use pointers after they were freed anymore. CVE-2009-2416 Additionally a stack-based buffer overflow was fixed while parsing the root XML document. CVE-2009-2414 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Solaris 9 (sparc) : 128640-30

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful...

PHProjekt setup.php Authentication Bypass Arbitrary Code Execution

The remote host is running PHProjekt, an open source PHP Groupware package. It runs on most Linux and Unix variants, in addition to Microsoft Windows operating systems. An unspecified authentication bypass vulnerability is present in the 'setup.php' source file and may be exploited by a remote...

Microsoft Windows SMB Service Enumeration

This plugin implements the SvcOpenSCManager and SvcEnumServices calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. An attacker may use this feature to gain better knowledge of the remote host. C Tenable Network Security, Inc. include"compat.inc";...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash...

Security Updates for Microsoft SQL Server ODBC Driver (April 2024)

The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.2)

The version of AOS installed on the remote host is prior to 5.11.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.2 advisory. - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get...

RHEL 6 : polkit (RHSA-2022:0269)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0269 advisory. The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privilege...

VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)

Binary data vmwarehorizonlog4shell.nbin...

CentOS 8 : kernel-rt (CESA-2021:4646)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4646 advisory. - kernel: timer tree corruption leads to missing wakeup and system freeze CVE-2021-20317 - kernel: Insufficient validation of user-supplied sizes for t...