Thunderbird < 13.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. CVE-2012-0441 - Multiple memory corruption errors exist...

FreeBSD : php -- multiple vulnerabilities (d3921810-3c80-11e1-97e8-00215c6a37bb)

php development team reports : Security Enhancements and Fixes in PHP 5.3.9 : - Added maxinputvars directive to prevent attacks based on hash collisions. CVE-2011-4885 - Fixed bug 60150 Integer overflow during the parsing of invalid exif header. CVE-2011-4566 %NASLMINLEVEL 70300 C Tenable Network...

Debian DSA-2099-1 : openoffice.org - buffer overflows

Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code. - An integer truncation error when parsing certain content can be exploited to cause a heap-based buffer overflow via a...

Fedora 9 : kernel-2.6.27.12-78.2.8.fc9 (2009-0816)

Update to kernel 2.6.27.12: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.10 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.11 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.12 Includes security fixes: CVE-2009-0029 Linux Kernel insecure 64 bit system ca...

RHEL 3 / 4 : php (RHSA-2007:0155)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

alya.cgi CGI Backdoor Detection

alya.cgi was found on the remote system. This script is likely a CGI based backdoor distributed with multiple rootkits. This script was written by Jason Lidow Changes by Tenable: - Overhauled description, added Synopsis/Reference/Solution 12/8/2008 include"compat.inc"; if description scriptid1111...

MySQL Server Detection

The remote host is running MySQL, an open source database server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10719; scriptversion"1.45"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/09/24"; scriptxrefname:"IAVT", value:"0001-T-0802";...

Oracle Linux 8 : kernel (ELSA-2024-4211)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4211 advisory. - udf: Fix NULL pointer dereference in udfsymlink function Pavel Reichl RHEL-37769 CVE-2021-47353 - net: ti: fix UAF in tlanremoveone Jose Ignacio Torn...

KB5039211: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (June 2024)

The remote Windows host is missing security update 5039211. It is, therefore, affected by multiple vulnerabilities - Microsoft Speech Application Programming Interface SAPI Remote Code Execution Vulnerability CVE-2024-30097 - Windows Remote Access Connection Manager Information Disclosure...

CentOS 7 : openssh (RHSA-2023:4382)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4382 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forward...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5466-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5466-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-1812)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally...

nginx R8 < R18-P1 Multiple Vulnerabilities

According to it's self reported version, the installed version of Nginx Plus is R8 built on Open Source version 1.9.9 prior to R18-P1 built on Open Source version 1.15.10. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the...

IBM Java 6.0 < 6.0.16.55 / 6.1 < 6.1.8.55 / 7.0 < 7.0.15.5 / 7.1 < 7.1.5.5 / 8.0 < 8.0.5.5 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 6.0 6.0.16.55 / 6.1 6.1.8.55 / 7.0 7.0.15.5 / 7.1 7.1.5.5 / 8.0 8.0.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 17 2017 CPU advisory. - inffast.c in zlib 1.2.8 might allow...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-096-01)

The version of mozilla-thunderbird installed on the remote host is prior to 91.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-096-01 advisory. - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2021:1762)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1762 advisory. libvirt: double free in qemuAgentGetInterfaces in qemuagent.c CVE-2020-25637 QEMU: heap buffer overflow in msixtablemmiowrite in hw/pci/msix.c...

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2021:3211-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3211-1 advisory. - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22931: Fixed improper handling of untypical characters in...

SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2291-1 advisory. - CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags bsc1186463. Tenable has extracted the preceding description block...

SUSE SLES12 Security Update : kernel (Live Patch 39 for SLE 12 SP3) (SUSE-SU-2021:2026-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2026-1 advisory. This update for the Linux Kernel 4.4.180-94144 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a...

Amazon Linux 2 : perl (ALAS-2021-1610)

The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1610 advisory. Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers...

Oracle Linux 6 : thunderbird (ELSA-2020-4947)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4947 advisory. 78.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.4.0-1 - Update to 78.4.0 build1 - Disabled...

RHEL 7 : microcode_ctl (RHSA-2020:2842)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2842 advisory. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543 hw: L1D Cache Eviction Sampling CVE-2020-0549 hw: Vector...

Debian DLA-2221-1 : sqlite3

An integer overflow vulnerability was found in the sqlite3strvappendf function of the src/printf.c file of sqlite3 from version 3.8.3. For Debian 8 'Jessie', this problem has been fixed in version 3.8.7.1-1+deb8u6. We recommend that you upgrade your sqlite3 packages. NOTE: Tenable Network Securit...

EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2020-1363)

According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simpleobjectelfmatch in...

RHEL 7 : python (RHSA-2020:1268)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

ManageEngine Desktop Central 10 < Build 100479 Remote Code Execution

The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100479. It is, therefore, affected by a remote code execution vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid134677; scriptversion"1.8";...

Amazon Linux 2 : php (ALAS-2019-1344)

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

openSUSE Security Update : python (openSUSE-2019-1989)

This update for python fixes the following issues : - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation bsc1141853. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc...

FreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee)

Mozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-1170...

Amazon Linux AMI : kernel (ALAS-2019-1212)

A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rdstcp kernel module loaded either through autoload via local process running listen, or manual loading could possibly cause a use after free UAF in which an attacker who is able to manipulate socket stat...

RHEL 6 : ntp (RHSA-2018:3854)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3854 advisory. - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution CVE-2018-12327 Note that Nessus has not tested for th...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3631-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3631-1 advisory. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to...

Fedora 27 : webkitgtk4 (2018-0590e4af13) (Spectre)

This update includes improvements to mitigate the effects of Spectre CVE-2017-5753 and CVE-2017-5715 : - Disable SharedArrayBuffers from Web API. - Reduce the precision of high resolution time to 1ms. Additional fixes : - Fix API documentation generation with newer gtk-doc. Note that Tenable...

F5 Networks BIG-IP : Linux kernel vulnerability (K82508682)

The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an application that makes an IPV6RECVPKTINF...

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2790-1) (BlueBorne)

This update for the Linux Kernel 3.12.69-606435 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denia...

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1028)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...

Ubuntu 16.10 : linux, linux-raspi2 vulnerability (USN-3251-1)

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service system crash or execute arbitrary code with administrative privileges. Note that Tenable...

Oracle Linux 5 : openssl (ELSA-2016-1137)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-1137 advisory. - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1getrecord - fix CVE-2014-3572 - ECDHE...

SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)

The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor and toolset has been updated to fix various security issues and several bugs. The following security issues have been addressed : XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1....

RHEL 6 : kernel (RHSA-2014:1843)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1843 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux...

RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1793)

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5 and 5.6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...

Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3054)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3054 advisory. - filter: prevent nla extensions to peek beyond the end of the message Mathias Krause Orabug: 19315783 CVE-2014-3144 CVE-2014-3145 - futex: Forbid...

Ubuntu 10.04 LTS : linux vulnerabilities (USN-2064-1)

Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. CVE-2013-4345 A flaw was discovered in the Linux kernel's IP Virtual Server IPVS support. A local user with the CAPNETADMI...

CentOS 5 : kernel (CESA-2010:0661)

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Scientific Linux Security Update : kernel on SL3.x i386/x86_64

A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. CVE-2007-3848, Important A flaw wa...

RHEL 6 : java-1.7.0-oracle (RHSA-2012:1019)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1019 advisory. The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes...

SeaMonkey < 2.8.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.8.0. Such versions are potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the...

USN-1164-1 : linux-fsl-imx51 vulnerabilities

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly...

RHEL 4 / 5 : firefox (RHSA-2010:0332)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0332 advisory. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-fre...

MS10-031: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

A stack memory corruption vulnerability exists in the way that the installed version of Visual Basic for Applications VBA searches for ActiveX controls embedded in documents. If an attacker can trick a user on the affected system into opening a specially crafted document that supports VBA, this...