Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2020 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.2, or 17.7.x through 17.12.x prior to 17.12.11.4, or 18.8.x prior to 18.8.17, or 19.12.x prior to 19.12.7. It is, therefore, affected by...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5532 advisory. [2.6.39-400.319.1] - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350265] {CVE-2019-15916} Tenable has extracted the preceding descripti...
Mozilla Thunderbird < 68.3
The version of Thunderbird installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4186-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4186-1 advisory. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp,...
Pulse Connect Secure Arbitrary File Read Vulnerability (CVE-2019-11510)
According to its self-reported version, the version of Pulse Connect Secure running on the remote host is prior to 8.1R15.1, 8.2.x prior to 8.2R12.1, 8.3.x prior to 8.3R7.1, or 9.x prior to 9.0R3.4. It is, therefore, affected by an arbitrary file read vulnerability due to insufficient user input validation. An...
Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)
The 4.20.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
Security Updates for Microsoft Visual Studio Products (February 2019)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully...
Photon OS 2.0: Linux PHSA-2018-2.0-0015
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0015.
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3849-1 advisory. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-1097)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Ubuntu 14.04 LTS / 16.04 LTS : libxml2 vulnerabilities (USN-3235-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3235-1 advisory. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafte...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3161-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-2 advisory. USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
openSUSE Security Update : the openSUSE Leap 42.1 kernel. (openSUSE-2016-1439)
The openSUSE Leap 42.1 kernel has been updated to fix a security issue : - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges (bsc#1013604).
CentOS 7 : ntp (CESA-2016:2583)
An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Debian DLA-177-1 : openssl security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-0209 It was discovered that a malformed EC private key might result in memory corruption. CVE-2015-0286 Stephen...
Oracle Linux 7 : kernel (ELSA-2014-0678)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0678 advisory. [3.10.0-123.1.2] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.1.2] - [tty] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) 1094241...
Fedora 20 : stunnel-5.01-1.fc20 (2014-5321)
New upstream release. Supports OpenSSL DLLs 1.0.1g. Fixes to take care of OpenSSL's TLS heartbeat read overrun (CVE-2014-0160). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean an...
IBM Lotus Symphony < 3.0.1 Fix Pack 2 Multiple Vulnerabilities
The version of IBM Lotus Symphony is a version prior to 3.0.1 Fix Pack 2. Such versions are affected by multiple vulnerabilities : - Flaws exist in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of...
Oracle GlassFish HTTP Server Version
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers.
Mozilla Thunderbird 3.1 < 3.1.8 Multiple Vulnerabilities
The installed version of Thunderbird 3.1 is earlier than 3.1.8. Such versions are potentially affected by multiple vulnerabilities : - Multiple memory corruption errors exist and may lead to arbitrary code execution. (MFSA 2011-01) - An input validation error exists in the class,...
Mac OS X 10.5.x < 10.5.2 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.2. Mac OS X 10.5.2 contains several security fixes for a number of programs.
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6534-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6534-3 advisory. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading ...
KB5026363: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2023)
The remote Windows host is missing security update 5026363. It is, therefore, affected by multiple vulnerabilities: - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-24943) - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability...
KB5015811: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2022)
The remote Windows host is missing security update 5015811. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-22024, CVE-2022-22027,...
SUSE SLES12: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:0690-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0690-1 advisory. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. -...
KB5007255: Windows 8.1 and Windows Server 2012 R2 Security Update (November 2021)
The remote Windows host is missing security update 5007255 or cumulative update 5007247. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...
Ubuntu 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-5021-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5021-1 advisory. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line...
openSUSE Security Update : qemu (openSUSE-2021-363)
This update for qemu fixes the following issues : - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM...
Oracle Linux 8 : mariadb:10.3 (ELSA-2020-5500)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5500 advisory. asio 1.10.8-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 1.10.8-6 - Rebuilt for...
RHEL 7 : grub2 (RHSA-2020:3274)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3274 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...
RHEL 7 : kernel (RHSA-2020:1984)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1984 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: incomplete Spectre-RSB...
EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the...
Security Updates for Microsoft SQL Server (Uncredentialed Check) (February 2020)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who...
KB4537794: Windows Server 2012 February 2020 Security Update
The remote Windows host is missing security update 4537794 or cumulative update 4537814. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1)
The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exceptio...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1242-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127:...
RHEL 7 : JBoss Core Services (RHSA-2017:1413)
An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Debian DLA-1355-1 : mysql-5.5 security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1)
This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942). - CVE-2017-9524: The qemu-nbd server when built with th...
Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D (Little CMS 2) - Deployment - Hotspot -...
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-076)
According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has...
RHEL 7 : JBoss Core Services (RHSA-2017:0194)
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
F5 Networks BIG-IP : Linux kernel vulnerability (K41739114)
A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the...
Debian DSA-3548-1 : samba - security update (Badlock)
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to...
FreeBSD : php -- multiple vulnerabilities (85eb4e46-cf16-11e5-840f-485d605f4717)
PHP reports : - Core : - Fixed bug #71039 (exec functions ignore length but look for NULL termination). - Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). - Fixed bug #71459 (Integer overflow in iptcembed). - PCRE : - Upgraded bundled PCRE library to 8.38. CVE-2015-8383,...
RHEL 7 : samba (RHSA-2016:0006)
Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
RHEL 6 : kernel (RHSA-2015:1583)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1583 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ping socket implementation...
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413)
Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Oracle Linux 6 / 7 : openssl (ELSA-2014-1652)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1652 advisory. - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV t...
FreeBSD : PHP multiple vulnerabilities (d2a892b9-2605-11e4-9da0-00a0986f28c4)
The PHP Team reports : insecure temporary file use in the configure script; unserialize SPL ArrayObject / SPLObjectStorage Type Confusion; Heap buffer over-read in DateInterval; fileinfo: cdf_read_short_sector insufficient boundary check; fileinfo: CDF infinite loop in nelements DoS; fileinfo: fileinfo:...