RHEL 4 / 5 : thunderbird (RHSA-2008:0976)

The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2008:0976 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content...

Eudora WorldMail Mail Management Server (MAILMA.exe) Remote Overflow

The remote host is running Eudora WorldMail, a commercial mail server for Windows. According to its banner, the version of Eudora Worldmail installed on the remote host contains a heap-based buffer overflow flaw in its Mail Management Agent. Using a specially crafted request, an unauthenticated,...

Slackware Linux 15.0 / current mariadb Multiple Vulnerabilities (SSA:2022-228-01)

The version of mariadb installed on the remote host is prior to 10.5.17 / 10.6.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-228-01 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant...

Debian DSA-5207-1 : linux - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5207 advisory. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-2585 A...

RHEL 7 : kernel (RHSA-2022:5157)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5157 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cgroups v1 releaseagent featur...

CentOS 7 : bind (RHSA-2021:1469)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1469 advisory. - In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5804 advisory. - fs/binfmtelf.c: allocate initialized memory in fillthreadcoreinfo Alexander Potapenko Orabug: 31350638 CVE-2020-10732 - net-sysfs: call devhold if...

EulerOS 2.0 SP3 : python (EulerOS-SA-2020-1427)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Waveread.readfmtchunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cau...

RHEL 8 : thunderbird (RHSA-2020:0919)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0919 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fixes: Mozilla:...

Arista Networks EOS/vEOS SegmentSmack TCP DoS (SA0036)

The version of Arista Networks EOS or vEOS running on the remote device is affected by a denial of servics DoS vulnerability. A flaw named SegmentSmack was found in the way the Linux kernel handles specially crafted TCP packets. An unauthenticated, remote attacker can use this flaw to trigger tim...

EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2019-2209)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service divide-by-zero error and application...

SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:1773-1)

This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage bsc1138464. Fixed a file content disclosure via SVG and WMF decoding bsc1138425. Note that Tenable Network Security has extracted the precedin...

Debian DLA-1813-1 : php5 security update

Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read. CVE-2019-11040 A heap buffer overflow was discovered in the EXIF parsing code. For Debi...

CentOS 6 : java-1.8.0-openjdk (CESA-2019:0416)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Debian DLA-1633-1 : sqlite3 security update

Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of...

Amazon Linux 2 : binutils (ALAS-2019-1138)

An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7568 The ignoresectionsym function in elf.c in the Binary Fi...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20181105)

This update upgrades Thunderbird to version 60.2.1. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12376 - Mozilla: Use-after-free in driver timers CVE-2018-12377 - Mozilla: Use-after-free in IndexedDB CVE-2018-12378 - Mozilla: Proxy bypass using...

RHEL 7 : kernel (RHSA-2018:3590)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3590 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw named FragmentSmack was found i...

F5 Networks BIG-IP : Oracle Java SE vulnerability (K15217245)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

RHEL 6 : kernel (RHSA-2018:2645)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2645 advisory. - kernel: TCP segments with random offsets allow a remote denial of service SegmentSmack CVE-2018-5390 Note that Nessus has not tested for this issue...

SUSE SLES11 Security Update : gcc43 (SUSE-SU-2018:1498-1) (Spectre)

This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. bsc1086069 The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpoline...

CentOS 6 : firefox (CESA-2018:1414)

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

KB4074590: Windows 10 Version 1607 and Windows Server 2016 February 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4074590. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose...

Exim < 4.89.1 Use-After-Free BDAT Remote Code Execution

According to its banner and supported extensions, the remote installation of Exim is affected by a code execution flaw. The implementation of the BDAT SMTP verb for sending large binary messages introduced in Exim 4.88 can incorrectly free an in-use region of memory, leading to memory corruption...

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2436-1)

This update for the Linux Kernel 3.12.74-606440 fixes several issues. The following security bugs were fixed : - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access bsc1052368. Note that Tenable Network Security ha...

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2437-1)

This update for the Linux Kernel 3.12.69-606429 fixes several issues. The following security bugs were fixed : - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access bsc1052368. Note that Tenable Network Security ha...

Scientific Linux Security Update : mariadb on SL7.x x86_64 (20170801)

The following packages have been upgraded to a later upstream version: mariadb 5.5.56. Security Fixes : - It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or...

Security Update for Microsoft SharePoint Server (June 2017)

The Microsoft SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An unauthenticated,...

openSUSE Security Update : libxml2 (openSUSE-2017-663)

This update for libxml2 fixes the following issues : - CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in valid.c was vulnerable to a stack-based buffer overflow bsc1039063, bsc1039064 - CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-base...

macOS 10.12.x < 10.12.5 Multiple Vulnerabilities

The remote host is running a version of macOS that is 10.12.x prior to 10.12.5. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the Kernel component that allow a local attacker to gain kernel-level privileges. CVE-2017-2494, CVE-2017-2546 - A...

EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1074)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to...

Oracle Linux 6 / 7 : nss / and / nss-util (ELSA-2017-1100)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-1100 advisory. nss 3.28.4-1.0.1 - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed 3.28.4-1 - Rebase to 3.28...

Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)

Security Fixes : - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By...

OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)

The remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf CVE-2013-5211 - don't limit rate of packets from sources CVE-2016-7426 - don't change interface from received packets CVE-2016-7429 - fix calculation of root...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0133)

The remote OracleVM system is missing necessary patches to address critical security updates : - Btrfs: fix truncation of compressed and inlined extents Ashish Samant Orabug: 22307285 CVE-2015-8374 - Btrfs: fix file corruption and data loss after cloning inline extents Divya Indi Orabug: 22307285...

Ubuntu 12.04 LTS : linux vulnerability (USN-2928-1)

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. Note that Tenable Network Security has...

openSUSE Security Update : polarssl (openSUSE-2016-60) (SLOTH)

This update for polarssl fixes the following issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication boo961284 - boo961290: potential double free during certificate generation %NASLMINLEVEL 70300 C Tenable...

Ubuntu 15.04 : linux vulnerabilities (USN-2691-1)

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs non-maskable interrupts. An unprivileged local user could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges. CVE-2015-3290 Colin King discovered a flaw in the addkey...

RHEL 5 : java-1.7.0-ibm (RHSA-2015:0134)

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3074)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-3074 advisory. - auditsc: auditkrule mask accesses need bounds checking Andy Lutomirski Orabug: 19590597 CVE-2014-3917 Tenable has extracted the preceding description bloc...

Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2238-1)

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged loc...

ScMM DSL Modem/Router Backdoor Detection

The remote device is a DSL Modem/Router with a backdoor running on port 32764. It is possible for an attacker to run arbitrary commands or access configuration details including passwords on the device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid71807;...

Oracle Linux 6 : kernel (ELSA-2012-1426)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1426 advisory. - mm hugetlb: do not use vmahugecacheoffset for vmapriotreeforeach Frederic Weisbecker 843034 843035 CVE-2012-2133 - mm hugepages: fix use after free b...

Oracle Linux 4 : mysql (ELSA-2010-0110)

From Red Hat Security Advisory 2010:0110 : Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1791-1)

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1724-1)

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425,...

RHEL 5 / 6 : firefox (RHSA-2012:1210)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1210 advisory. - Mozilla: Miscellaneous memory safety hazards rv:15.0/ rv:10.0.7 MFSA 2012-57 CVE-2012-1970 - Mozilla: Multiple Use-after-free issues...

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019,...

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,...