SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3312-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.4.1 ESR - Fixed: Security fix MFSA 2020-49 bsc1178588 - CVE-2020-26950 bmo1675905 Write side effects in MCallGetProperty opcode not accounted for Note that Tenable Network Security has extracted the...

RHEL 8 : kernel (RHSA-2020:4685)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4685 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: bluetooth: heap buffer...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4389-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4389-1 advisory. It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2020-5709)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5709 advisory. - HID: hiddev: do cleanup in failure of opening a device Hillf Danton Orabug: 31206362 CVE-2019-19527 - HID: hiddev: avoid opening a disconnected...

jQuery 1.2.0 < 3.5.0 Cross-Site Scripting

According to its self-reported version number, jQuery is at least 1.2.0 and prior to 3.5.0. Therefore, it may be affected by a cross-site scripting vulnerability via the regex operation in jQuery.htmlPrefilter. Note that the scanner has not tested for these issues but has instead relied only on t...

RHEL 7 : buildah (RHSA-2020:2116)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-4281-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4281-1 advisory. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...

KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update

The remote Windows host is missing security update 4532693. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this...

Oracle Linux 7 : kernel (ELSA-2019-3834)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3834 advisory. - drm drm/i915: Lower RM timeout to avoid DSI hard hangs Dave Airlie 1756815 1756816 CVE-2019-0154 - drm drm/i915/gen8+: Add RC6 CTX corruption WA Dave...

macOS : Apple Safari < 12.1.2 Multiple Vulnerabilities

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.1.2 It is, therefore, affected by multiple vulnerabilities in the following components : - Safari - WebKit C Tenable Network Security, Inc. include'compat.inc'; if description scriptid128178;...

Photon OS 3.0: Linux PHSA-2019-3.0-0015

An update of the linux package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid126115;...

EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability CPU Jul 2017 CVE-2017-3636 - mysql: Server: DML unspecified vulnerability CPU Jul 2017...

CentOS 7 : firefox (CESA-2018:1415)

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-1191)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-1191 advisory. 1:1.8.0.171-7.b10 - Bump release number to be greater than RHEL 7.6 package to allow build with .el7 suffix - Resolves: rhbz1559766 1:1.8.0.171-4.b10 -...

KB4093112: Windows 10 Version 1709 and Windows Server Version 1709 April 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4093112. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0012) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - Revert 'kernel.spec: Require the new microcodectl.' Brian Maly - xen-blkback: add pendingreq allocation stats Ankur Arora Orabug: 27386890 - xen-blkback: move indirect req allocation out-of-line Ankur...

GLSA-201801-15 : PolarSSL: Multiple vulnerabilities (SLOTH)

The remote host is affected by the vulnerability described in GLSA-201801-15 PolarSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might be able to execute arbitrary...

Veritas NetBackup 7.7.x / 8.0.x Multiple Vulnerabilities (VTS17-004)

The Veritas NetBackup application installed on the remote Windows host is 7.7.x or 8.0.x and may be missing a vendor-supplied security hotfix. It is, therefore, affected by multiple vulnerabilities : - A remote command execution vulnerability exists in the bprd process due to improper directory...

Fedora 24 : kernel (2017-8e7549fb91)

The 4.10.10 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory. - KVM: x86: fix emulation of 'MOV SS, null selector' Paolo Bonzini Orabug: 25719659 CVE-2017-2583 CVE-2017-2583 - ext4: store checksum seed in...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170223)

Security Fixes : - When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. CVE-2016-6136, Moderate - A flaw w...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170120)

Security Fixes : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

MS16-097: Security Update for Microsoft Graphics Component (3177393)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Graphics component due to improper handling of embedded fonts by the Windows font library. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a use...

OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)

The remote OracleVM system is missing necessary patches to address critical security updates : - don't allow spoofed packets to demobilize associations CVE-2015-7979, CVE-2016-1547 - don't allow spoofed packet to enable symmetric interleaved mode CVE-2016-1548 - check mode of new source in config...

Fedora 21 : xen-4.4.3-8.fc21 (2015-f150b2a8c8)

x86: CPU lockup during exception delivery XSA-156, CVE-2015-5307, CVE-2015-8104 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

F5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K13145361)

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service guest OS crash via a crafted application.CVE-2014-3647 C Tenable Network Security, Inc. The descriptive text and package...

OracleVM 3.3 : libxml2 (OVMSA-2015-0097)

The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - CVE-2015-1819 Enforce the reader to run in constant memoryrhbz1214163 - Stop parsing on entities...

RHEL 6 : kernel (RHSA-2014:1101)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

RHEL 6 : kernel (RHSA-2014:1668)

Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS bas...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2226-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2226-1 advisory. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain...

Fedora 18 : kernel-3.11.10-100.fc18 (2013-22695)

The 3.11.10 stable update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Oracle Linux 5 : php53 (ELSA-2013-1307)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1307 advisory. - add security fix for CVE-2013-4248 - add security fix for CVE-2013-4113 - add security fixes for CVE-2006-7243 - add security fixes for CVE-2012-2688...

Oracle TNS Listener Remote Poisoning

Binary data oracletnslistenermitm.nbin...

Oracle Linux 5 : kernel (ELSA-2010-0661)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0661 advisory. - mm accept an abutting stack segment Jiri Pirko 607857 607858 CVE-2010-2240 - mm pass correct mm when growing stack Jiri Pirko 607857 607858 CVE-2010-2240 - mm...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2507 advisory. - vhost: fix length for cross region descriptor Michael S. Tsirkin Orabug: 16387183 CVE-2013-0311 - x86/xen: don't assume %ds is usable in xeniret...

Fedora 18 : kernel-3.9.5-201.fc18 (2013-10695)

Update to the latest upstream stable release, Linux v3.9.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20120613)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandb...

RHEL 5 : php53 (RHSA-2012:1047)

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 5 : kernel (CESA-2012:0107)

Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

FreeBSD : linux-flashplugin -- remote code execution vulnerability (32b05547-6913-11e0-bdc4-001b2134ef46)

Adobe Product Security Incident Response Team reports : A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions Adobe Flash Player 10.2.154.25 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for...

Reverse NAT/Intercepting Proxy Detection

Reverse NAT is a technology which lets multiple computers offer public services on different ports via the same IP address. Based on OS fingerprinting results, it seems that different operating systems are listening on different remote ports. Note that this behavior may also indicate the presence...

OpenSSH w/ PAM Multiple Timing Attack Weaknesses

The remote host seems to be running an SSH server that could allow an attacker to determine the existence of a given login by comparing the time the remote sshd daemon takes to refuse a bad password for a nonexistent login compared to the time it takes to refuse a bad password for a valid login. ...

Apache UserDir Directive Username Enumeration

When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home. For instance, by default, requesting /root/ displays the HTML contents from /root/publichtml/. If the username requested does not...

RHEL 9 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: the crehash script allows command injection CVE-2022-2068 - The crehash script does not properly...

Security Updates for Microsoft SQL Server ODBC Driver (April 2024)

The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

RHEL 8 : java-1.8.0-openjdk (RHSA-2022:5697)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5697 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:2000-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2000-1 advisory. - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hwparams...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9412)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9412 advisory. 4.14.35-2047.513.2.1.el7 - perf: Fix sysperfeventopen race against self Peter Zijlstra Orabug: 34175592 CVE-2022-1729 Tenable has extracted the preceding...

Amazon Corretto Java 8.x < 8.332.08.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is prior to 8 8.332.08.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2022-Apr-19 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has...

Rocky Linux 8 : kernel-rt (RLSA-2021:4088)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4088 advisory. - An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after- free because the ctx is reached via the ctxli...