RHEL 5 / 6 : php53 and php (RHSA-2013:1813)
Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Fedora 20 : kernel-3.11.10-301.fc20 (2013-22818)
Fixes for SELinux issues and crashes related to bigkey krb functionality. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
MySQL Server COM_CHANGE_USER Command Security Bypass
The installed version of MySQL may be affected by a security bypass vulnerability because the salt used during password validation does not change when switching users with the 'COM_CHANGE_USER' command. Additionally, the connection is not reset when invalid credentials are submitted. Normally, whe...
Mac OS X : Java for Mac OS X 10.6 Update 17
The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 17, which updates the Java version to 1.6.0_65. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2025)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2025 advisory. - Apply new fix for CVE-2011-1576. - net: Fix memory leak/corruption on VLAN GRO_DROP CVE-2011-1576 - iommu-api: Extension to check for interrupt...
Oracle Linux 4 : tetex (ELSA-2007-1027)
From Red Hat Security Advisory 2007:1027 : Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX...
Solaris 10 (sparc) : 150383-19 (deprecated)
SunOS 5.10: wanboot patch. Date this patch was last updated by Sun : Aug/13/17 This plugin has been deprecated and either replaced with individual 150383 patch-revision plugins, or deemed non-security related.
CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0696)
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0904-1)
The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue. CVE-2010-3170: Disallow wildcard matching in X509 certificate Common Names. This update also has preparations for Firefox 4 support, and an updated Ro...
Debian DSA-2018-1 : php5 - DoS (crash)
Auke van Slooten discovered that PHP 5, a hypertext preprocessor, crashes because of a NULL pointer dereference when processing invalid XML-RPC requests.
Safari < 3.1.2 Multiple Vulnerabilities
The version of Safari installed on the remote host reportedly is affected by several issues : - An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure CVE-2008-1573. - Safari will automatically launch executable files downloaded from a site if that site ...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libheif vulnerabilities (USN-6847-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6847-1 advisory. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)
The version of AOS installed on the remote host is prior to 6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0 advisory. - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and application...
Oracle Linux 9 : openssl (ELSA-2022-6224)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6224 advisory. - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - CVE-2022-2068: the c_rehash script allows command injection...
SUSE SLES15 Security Update : kernel (Live Patch 26 for SLE 15 SP2) (SUSE-SU-2022:2779-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2779-1 advisory. This update for the Linux Kernel 5.3.18-15020024112 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a...
RHEL 7 : kernel (RHSA-2022:5802)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5802 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: a use-after-free write in the netfilter...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 17 for SLE 15 SP3) (SUSE-SU-2022:1988-1)
The remote SUSE Linux SLES12 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1988-1 advisory. - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended...
RHEL 7 : kernel (RHSA-2022:1324)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1324 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Use After Free in unix_gc which...
openSUSE 15 Security Update : kernel (openSUSE-SU-2022:1039-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1039-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
CentOS 7 : firefox (RHSA-2022:0824)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0824 advisory. - xmltok_impl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5302-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5302-1 advisory. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent...
H2 Database JNDI Lookup RCE (CVE-2021-42392)
Binary data h2databasecve-2021-42392.nbin...
AlmaLinux 8 : pcs (ALSA-2021:4142)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4142 advisory. - jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a...
CentOS 8 : nodejs:14 (CESA-2022:0350)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0350 advisory. - nodejs-glob-parent: Regular expression denial of service CVE-2020-28469 - nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 -...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0246 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3053-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.4.0 ESR - Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872, bsc1176756 - CVE-2020-15969 Use-after-free in usersctp - CVE-2020-15683 Memory safety bugs fixed in Firefo...
Oracle Linux 8 : qt5-qtbase / and / qt5-qtwebsockets (ELSA-2020-4690)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4690 advisory. qt5-qtbase 5.12.5-6 - OpenSSL: handle SSL_shutdown's errors properly Resolves: bz1851538 5.12.5-5 - Fix: Files placed by attacker can influence the worki...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Intel Microcode vulnerabilities (USN-4628-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4628-1 advisory. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that t...
RHEL 7 / 8 : OpenShift Container Platform 4.6.1 (RHSA-2020:4297)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4297 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...
Fedora 32 : 1:java-1.8.0-openjdk (2020-e418151dc3)
July 2020 OpenJDK security update for OpenJDK 8. Full release notes: https://bitly.com/oj8u262 New features - JDK-8223147: JFR Backport Security fixes - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equalsDerValue - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1146-1)
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack...
Xen Information Disclosure Vulnerability (XSA-305)
According to its self-reported version number, the Xen Hypervisor installed on the remote host is affected by an information disclosure vulnerability. A TSX Asynchronous Abort condition exists on some CPUs utilizing speculative execution. An authenticated, local attacker can exploit this to...
RHEL 6 : kernel (RHSA-2019:4256)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4256 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Kernel: KVM: OOB memory access via mmio ring...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...
Mozilla Firefox ESR < 68.1
The version of Firefox ESR installed on the remote Windows host is prior to 68.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-26 advisory. - Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbo...
Security Updates for Microsoft Office Products (August 2019)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the...
MySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.43. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the 'Server:...
SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:2036-1)
This update for openssl-1_1 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating ...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3674-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3674-1 advisory. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3621 advisory. - Bluetooth: Properly check L2CAP config option output buffer length Ben Seri Orabug: 26796364 CVE-2017-1000251 - xen: fix bio vec merging Roger Pa...
HP Data Protector 8.x < 8.17 / 9.x < 9.09 Multiple Vulnerabilities (HPSBGN03732)
The version of HP Data Protector installed on the remote host is 8.x prior to 8.17, or 9.x prior to 9.09. It is, therefore, affected by the following vulnerabilities : - HPE Data Protector contains an unspecified overflow condition that is triggered as certain input is not properly validated. Thi...
EulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2017-1152)
According to the versions of the graphite2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY 1/4 o...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended...
MS16-155: Security Update for .NET Framework (3205640)
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the .NET Framework Data Provider for SQL Server due to improper handling of developer-supplied keys. An unauthenticated, remote attacker can exploit this to disclose...
MUICache Program Execution History
Nessus was able to query the MUIcache registry key to find evidence of program execution.
openSUSE Security Update : openssl (openSUSE-2016-289) (DROWN)
This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
RHEL 6 : kernel (RHSA-2015:1221)
Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 7 : httpd (RHSA-2014:0921)
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
openSUSE Security Update : mozilla-js192 (openSUSE-SU-2011:1076-1)
Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...