337866 matches found
Hydra: Cisco enable
This plugin runs Hydra to find Cisco 'enable' passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...
Hydra (NASL wrappers options)
This plugin sets options for the Hydra tests. Hydra finds passwords by brute force. To use the Hydra plugins, enter the 'Logins file' and the 'Passwords file under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.1)
The version of AOS installed on the remote host is prior to 5.20.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.1 advisory. - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and...
AlmaLinux 8 : gcc-toolset-10-gcc (ALSA-2021:4585)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4585 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
CentOS 7 : java-11-openjdk (RHSA-2022:0204)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0204 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that ar...
Oracle MySQL Workbench < 8.0.23 Multiple Vulnerabilities (Jan 2021)
The version of Oracle MySQL Workbench installed on the remote Windows host is prior to 8.0.23. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window...
Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory. - Vulnerability in the Oracle Database - Enterprise Edition Security Dell BSAFE Micro Edition Suite component of Oracle Database Server...
CentOS 8 : java-11-openjdk (CESA-2019:1817)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1817 advisory. - OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 - OpenJDK: Insufficient checks of suppressed...
GLSA-202012-10 : WebkitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202012-10 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact : An attacker, by enticing a user to visit...
RHEL 6 : java-1.8.0-openjdk (RHSA-2020:4348)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4348 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
Mozilla Thunderbird < 78.4
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-47 advisory. - Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler...
Fedora 31 : kernel (2020-1b2dae6219)
The 5.6.19 stable kernel updates contain a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2020-1548)
According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using...
Oracle Linux 6 : kernel (ELSA-2020-1524)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1524 advisory. - wireless rtlwifi: Fix potential overflow on P2P code Jarod Wilson 1775226 CVE-2019-17666 Tenable has extracted the preceding description block direct...
openSUSE Security Update : chromium (openSUSE-2020-365)
This update for chromium to version 80.0.3987.149 fixes the following issues : Chromium was update to 80.0.3987.149 bsc1167090 : - CVE-2020-6422: Fixed a use after free in WebGL. - CVE-2020-6424: Fixed a use after free in media. - CVE-2020-6425: Fixed an insufficient policy enforcement in...
Virtuozzo 7 : readykernel-patch (VZA-2019-085)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - 3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21 Page cache side channel attacks via mincore. It was discovered...
Apple iOS < 13.2 Multiple Vulnerabilities
Binary data appleios132check.nbin...
Oracle Linux 8 : kernel (ELSA-2019-2703)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2703 advisory. - wireless mwifiex: fix 802.11n/WPA detection Jarod Wilson 1714475 1714476 CVE-2019-3846 - x86 x86/entry/64: Use JMP instead of JMPQ Josh Poimboeuf...
EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1797)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an...
Oracle Linux 6 : kernel (ELSA-2019-2473)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2473 advisory. - x86 x86/speculation: Enable Spectre v1 swapgs mitigations Waiman Long 1724512 CVE-2019-1125 - x86 x86/speculation: Prepare entry code for Spectre v1...
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1374)
This update for webkit2gtk3 to version 2.24.1 fixes the following issues : Security issues fixed : - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,...
Fedora 28 : 3:mariadb (2018-2513b888a4)
MariaDB 10.2.15 Release notes : https://mariadb.com/kb/en/library/mariadb-10215-release-notes/ CVEs fixed : CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-2786 CVE-2018-2759...
Fedora 27 : python-requests (2018-41320b315a)
Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-1184)
The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-13096: A denial of service out-of-bounds memory access and BUG can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3191-1)
This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. bsc1111069...
Virtuozzo 7 : readykernel-patch (VZA-2018-050)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - The implementation of timercreate system call in the Linux kernel before 4.14.8 doesn't properly validate the...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1233-1)
This update for the Linux Kernel 3.12.61-5280 fixes several issues. The following security issues were fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. - CVE-2017-0861:...
Pivotal Software Redis 3.2.x < 3.2.4 RCE
The version of Redis installed on the remote host is affected by a remote code execution vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid109325; scriptversion"1.6";...
PHP 7.2.x < 7.2.3 Stack Buffer Overflow
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.3. It is, therefore, affected by a stack buffer overflow vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0171-1) (Meltdown) (Spectre)
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes...
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1001)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms. - Note: Thi...
SUSE SLES12 Security Update : openssl (SUSE-SU-2017:2981-1)
This update for openssl fixes the following issues: Security issues fixed : - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read bsc1056058 - adjust DEFAULTSUSE to meet 1.0.2 and current state bsc1027908 - out of bounds read+crash in DESfcrypt bsc1065363 - DEFAULTSUSE cipher list ...
CentOS 7 : tomcat (CESA-2017:0935)
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
PHP 7.0.x < 7.0.11 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....
F5 Networks BIG-IP : OpenSSL vulnerability (K22334603)
The fmtstr function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service overflow and out-of-bounds read or possibly have unspecified other impact via a long string, as...
IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)
According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-704)
This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...
CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:0067)
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Debian DLA-50-1 : file security update
CVE-2014-3538 file does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption. CVE-2014-3587 Integer overflow in the cdfreadpropertyinfo function in cdf.c allows remote attackers to cause a denial of service...
Fedora 20 : php-5.5.22-1.fc20 (2015-2328)
19 Feb 2015, PHP 5.5.22 Core : - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68925 Mitigation for CVE-2015-0235 ' GHOST: glibc gethostbyname buffer overflow. Stas - Fixed bug 68942 Use after free vulnerability in unserialize with...
OracleVM 3.2 : kernel-uek (OVMSA-2013-0003)
The remote OracleVM system is missing necessary patches to address critical security updates : - bonding: fixup typo in rlb mode of bond and bridge fix Guru Anbalagane Orabug: 16069448 - bonding: rlb mode of bond should not alter ARP originating via bridge zheng.li Orabug: 14650975 - compilation...
OracleVM 3.2 : ovs-agent (OVMSA-2014-0037) (POODLE)
The remote OracleVM system is missing necessary patches to address critical security updates : - disable sslv3 due to CVE-2014-3566 - Allow to create more than 6 bonds Singed-off-by: Adnan Misherfi %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extract...
Fedora 21 : openssl-1.0.1j-1.fc21 (2014-12951) (POODLE)
Update fixing three moderate security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
The remote device is running a software version known to be affected by an OpenSSL related vulnerability. The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable...
Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0547)
From Red Hat Security Advisory 2008:0547 : Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security...
Oracle Linux 5 : kernel (ELSA-2010-0839)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0839 advisory. - net rds: fix local privilege escalation Eugene Teo 642897 642898 CVE-2010-3904 - misc futex: replace LOCKPREFIX in futex.h Peter Zijlstra 633175 6331...
SuSE 11.2 / 11.3 Security Update : IBM Java 1.7.0 / IBM Java (SAT Patch Numbers 7794 / 7921)
IBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...
CentOS 6 : php (CESA-2013:0514)
Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...
Fedora 15 : libguestfs-1.10.12-1.fc15 (2011-17388)
Fixes Security: Mitigate possible privilege escalation via SGIO ioctl CVE-2011-4127, RHBZ757071. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7649)
IBM Java 1.5.0 SR12 FP5 has been released fixing bugs and security issues. The following security issues were fixed : - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remo...