338622 matches found
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3674-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3674-1 advisory. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3621 advisory. - Bluetooth: Properly check L2CAP config option output buffer length Ben Seri Orabug: 26796364 CVE-2017-1000251 - xen: fix bio vec merging Roger Pa...
HP Data Protector 8.x < 8.17 / 9.x < 9.09 Multiple Vulnerabilities (HPSBGN03732)
The version of HP Data Protector installed on the remote host is 8.x prior to 8.17, or 9.x prior to 9.09. It is, therefore, affected by the following vulnerabilities : - HPE Data Protector contains an unspecified overflow condition that is triggered as certain input is not properly validated. Thi...
EulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2017-1152)
According to the versions of the graphite2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY 1/4 o...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended...
MS16-155: Security Update for .NET Framework (3205640)
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the .NET Framework Data Provider for SQL Server due to improper handling of developer-supplied keys. An unauthenticated, remote attacker can exploit this to disclose...
MUICache Program Execution History
Nessus was able to query the MUIcache registry key to find evidence of program execution. C Tenable Network Security, Inc. include"compat.inc"; if !definedfunc"nasllevel" || nasllevel 5200 exit0, "Not Nessus 5.2+"; if description scriptid92424; scriptversion"1.5"; scriptcvsdate"Date: 2018/05/16...
RHEL 6 : kernel (RHSA-2015:1221)
Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 7 : httpd (RHSA-2014:0921)
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
openSUSE Security Update : mozilla-js192 (openSUSE-SU-2011:1076-1)
Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...
Fedora 19 : libjpeg-turbo-1.2.90-3.fc19 (2013-23722)
Apply fixes CVE-2013-6629, CVE-2013-6630 1031737 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory Corruption
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.7. It is, therefore, potentially affected by a memory corruption flaw in the way the opensslx509parse function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could u...
Oracle Linux 6 : thunderbird (ELSA-2012-1089)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2012-1089 advisory. 10.0.6-1.0.1.el63 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball 10.0.6-1 -...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120717)
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2012-1948,...
SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7261)
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to...
PostgreSQL LDAP Anonymous Bind Authentication Bypass
The version of PostgreSQL running on the remote host has an authentication bypass vulnerability. If PostgreSQL is using LDAP authentication, and the LDAP server is configured to allow anonymous binds, it may be possible to log into the PostgreSQL server using a blank password. A remote attacker...
Trend Micro Apex One Server Authentication Bypass (CVE-2022-40144)
Binary data trendmicroapexonecve-2022-40144.nbin...
RHEL 8 : ruby:3.0 (RHSA-2022:6450)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6450 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Debian DSA-5207-1 : linux - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5207 advisory. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-2585 A...
Oracle Linux 8 : virt:ol / and / virt-devel:ol (ELSA-2022-1759)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1759 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,...
WordPress 5.2.x < 5.2.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists via wpfilterglobalstylespost. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...
AlmaLinux 8 : qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4690 advisory. - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...
SSH Host Keys < 2048 Bits Considered Weak
Brute force setting must be enabled to use this plugin. The remote SSH server has a host key size that is smaller than 2048 bits. NIST Special Publication 800-57 Part 3 Recommendation for Key Management recommends RSA keys greater or equal to 2048 bits in length. TRUSTED...
openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3338-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3338-1 advisory. - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect...
Debian DLA-2653-1 : libxml2 security update
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files, which could cause denial of service via application crash when parsing specially crafted files. For Debian 9 stretch, these problems have been fixed in version...
CentOS 7 : kernel (RHSA-2020:3220)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3220 advisory. - Insufficient access control in the IntelR PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially...
Microsoft OneDrive Elevation of Privilege (CVE-2020-1465)
The version of Microsoft OneDrive installed on the remote Windows host is prior to 20.084.0426.0007. It is, therefore, affected by an elevation of privilege vulnerability that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200311)
Security Fixes : - kernel: buffer overflow in cfg80211mgdwextgiwessid in net/wireless /wext-sme.c CVE-2019-17133 - kernel: unprivileged users able to create RAW sockets in AFISDN network protocol. CVE-2019-17055 Bug Fixes : - LACP bond does not function because bonding driver sees slave speed &...
RHEL 7 : kernel-alt (RHSA-2020:0740)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory. The kernel-alt packages provide the Linux kernel version 4.x. Security Fixes: kernel: rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps...
Debian DLA-1829-1 : firefox-esr security update
Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For Debian 8 'Jessie', this problem has been fixed in version 60.7.1esr-1deb8u1. We recommend that you...
EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1229)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3575-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3575-1 advisory. It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash...
SUSE SLES11 Security Update : kvm (SUSE-SU-2018:0019-1) (Spectre)
This update for kvm fixes the following issues: Also a mitigation for a security flaw has been applied : - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU...
Debian DSA-4037-1 : jackson-databind - security update
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization. %NASLMINLEVEL 70300 C Tenab...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in the diskseqfstop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privilege...
CentOS 7 : firefox (CESA-2017:1106)
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE SLES11 Security Update : libtcnative-1-0 (SUSE-SU-2016:2385-1) (Logjam)
This update for libtcnative-1-0 fixes the following issues : - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability bsc938945 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.24. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wi...
VMSA-2016-0002 : VMware product updates address a critical glibc security vulnerability
a. glibc update for multiple products. The glibc library has been updated in multiple products to resolve a stack-based buffer overflow present in the glibc getaddrinfo function. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2015-7547. VMware...
openSUSE Security Update : polarssl (openSUSE-2016-60) (SLOTH)
This update for polarssl fixes the following issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication boo961284 - boo961290: potential double free during certificate generation %NASLMINLEVEL 70300 C Tenable...
openSUSE Security Update : OpenSSL (openSUSE-2015-908)
OpenSSL was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3194: Certificate verify crash with missing PSS parameter bsc957815 - CVE-2015-3195: X509ATTRIBUTE memory leak bsc957812 - CVE-2015-3196: Race condition handling PSK identify hint bsc957813...
Slackware 14.0 / 14.1 / current : php (SSA:2015-111-10)
New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-111-10. The text itself is copyright C...
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1877)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1877 advisory. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several...
CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock)
According to its self-reported version, the CUCM IM and Presence Service installed on the remote host contains a version of GNU Bash that is affected by a command injection vulnerability known as Shellshock, which is due to the processing of trailing strings after function definitions in the valu...
CentOS 5 / 6 : php / php53 (CESA-2013:1813)
Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
CentOS 4 : httpd (CESA-2009:1580)
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL...
Mozilla Thunderbird < 12.0 Multiple Vulnerabilities
Binary data 6792.prm...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
This update fixes the following security issues : - a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. pciunmapsingle presented a memory leak that could lead to IOMMU space exhaustion and a system crash. An attacker on the local network could trigger this flaw by using jum...
Mozilla Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities
The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Several memory safety issues exist, some of which could potentially allow arbitrary code execution. CVE-2012-1948 - Several memory safety issues exist related to the Gecko layout engine...