337866 matches found
Oracle WebLogic Server (Jan 2022 CPU)
The 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Cor...
Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5152-1)
The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5152-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
RHEL 8 : gcc-toolset-10-gcc (RHSA-2021:4585)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4585 advisory. The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes:...
CentOS 8 : GNOME (CESA-2021:4381)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4381 advisory. - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) - LibRaw: Stack buffer overflow in...
RHEL 8 : firefox (RHSA-2021:4605)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4605 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9406)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9406 advisory. - seq_file: disallow extremely large seq buffer allocations (Eric Sandeen) [Orabug: 33135632] {CVE-2021-33909} - Bluetooth: fix the erroneous flush_work...
Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x i686/x86_64 (2021:2845)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2845-1 advisory. - OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388) - OpenJDK: FTP PASV command response can cause...
Photon OS 3.0: Linux PHSA-2021-3.0-0259
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0259. The text itself is copyright (C) VMware, Inc.
SUSE SLES15 Security Update : grub2 (SUSE-SU-2021:0684-1)
This update for grub2 fixes the following issues : grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints : CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)...
IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type...
RHEL 8 : mariadb-connector-c (RHSA-2020:5655)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5655 advisory. The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5914)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5914 advisory. - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695} - KVM: ioapic: break infinite recursio...
RHEL 8 : java-1.8.0-ibm (RHSA-2020:3386)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3386 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
RHEL 6 : kernel-rt (RHSA-2020:2777)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2777 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...
openSUSE Security Update : chromium (openSUSE-2020-620)
This update for chromium fixes the following issues : Update to 81.0.4044.138 (boo#1171247) : - CVE-2020-6831: Stack-based buffer overflow in SCTP - CVE-2020-6464: Type Confusion in Blink (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Mozilla Thunderbird < 68.0
The version of Thunderbird installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-28 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code...
Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-1816)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1816 advisory. 1:1.8.0.222.b10-0 - Update to aarch64-shenandoah-jdk8u222-b10. - Resolves: rhbz#1724452 1:1.8.0.222.b09-0 - Update to aarch64-shenandoah-jdk8u222-b09. -...
RHEL 7 : firefox (RHSA-2019:1763)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1763 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1487)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I...
openSUSE Security Update : apache2 (openSUSE-2019-305)
This update for apache2 fixes the following issues : Security issues fixed : - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed : -...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0498-1)
This update for apache2 fixes the following issues : Security issues fixed : CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed:...
SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)
This update for php5 fixes the following security issues : - CVE-2016-7411: php5: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field - CVE-2016-7413: Use after free in wddx_deserialize - CVE-2016-7414: Out o...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4244)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4244 advisory. - mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) [Orabug: 28701016] {CVE-2018-17182} Tenable has extracted the preceding description block directly fro...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170807)
Security Fixes : - It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102) - Multiple...
Security and Quality Rollup for .NET Framework (April 2017)
The version of Microsoft .NET Framework installed on the remote Windows host is missing a security update. It is, therefore, affected by an arbitrary code execution vulnerability due to a failure to properly validate input before loading libraries. A local attacker can exploit this to execute...
FreeBSD : Apache Commons FileUpload -- denial of service (DoS) vulnerability (cbceeb49-3bc7-11e6-8e82-002590263bf5)
Mark Thomas reports : CVE-2016-3092 is a denial of service vulnerability that has been corrected in the Apache Commons FileUpload component. It occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file. This caused the file...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerability (USN-2805-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2805-1 advisory. Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtu...
Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2783-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2783-1 advisory. Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker...
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1228) (Bar Mitzvah) (Logjam)
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Firefox ESR < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)
The version of Firefox ESR installed on the remote Mac OS X host is prior to 38.1. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for an ECDHE_ECDSA exchange, but the server...
FreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)
Apache HTTP SERVER PROJECT reports : mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit...
openSUSE Security Update : seamonkey (seamonkey-4462)
Mozilla SeaMonkey was updated to the 2.0.14 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstance...
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following remote code execution vulnerabilities : - A user-input validation error exists during thumbnail generation in the 'thumb.php' script that allows the execution of arbitrary shell...
Fedora 19 : kernel-3.9.9-302.fc19 (2013-12901)
This update contains a number of fixes for vhost-net, bridging, and other bits of the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
RHEL 5 : kernel (RHSA-2012:1347)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1347 advisory. - kernel: Buffer overflow in the HFS plus filesystem (different issue than CVE-2009-4020) (CVE-2012-2319) - kernel: sfc: potential remote denial...
Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
CVE-2005-4881 kernel: netlink: fix numerous padding memleaks CVE-2009-3228 kernel: tc: uninitialised kernel memory leak This update fixes the following security issues : - multiple, missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was no...
USN-1460-1 : linux-ti-omap4 vulnerabilities
A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increa...
CentOS 4 : seamonkey (CESA-2010:0967)
Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : xorg-server (SSA:2010-240-06)
New xorg-server packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-240-06. The tex...
AIX 530011 : U832265
The remote host is missing AIX PTF U832265, which is related to the security of the package devices.pci.2b102725.rte. You should install this PTF for your system to be up-to-date. (C) Tenable Network Security, Inc.
FreeBSD : opera -- multiple vulnerabilities (6431c4db-deb4-11de-9078-0030843d3802)
Opera Team reports : - Fixed a heap buffer overflow in string to number conversion - Fixed an issue where error messages could leak onto unrelated sites - Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date...
RHEL 4 : kernel (RHSA-2009:1211)
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
openSUSE Security Update : kdegraphics3 (kdegraphics3-819)
This update fixes security problems while decoding JBIG2. (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183) (C) Tenable Network Security, Inc. The descriptive text a...
Conficker Worm Detection (uncredentialed check)
The remote host seems to be infected by the Conficker worm. This worm has several capabilities which allow an attacker to execute arbitrary code on the remote operating system. The remote host might also be attempting to propagate the worm to third party hosts. (C) Tenable Network Security, Inc...
Fedora 8 : thunderbird-2.0.0.16-1.fc8 (2008-6706)
Updated thunderbird packages that fix several security issues are now available for Fedora 8. Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user runnin...
Debian DSA-1534-1 : iceape - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : -...
openSUSE 10 Security Update : kernel (kernel-4970)
This kernel update is a respin of a previous one that broke CPUFREQ support (bug 357598). Previous changes : This kernel update fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write...
RHEL 4 : kernel (RHSA-2007:0488)
Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the...