CentOS 5 : kernel (CESA-2010:0147)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Web Server UPnP Detection
Nessus was able to extract some information about the UPnP-enabled device by querying this web server. Services may also be reachable through SOAP requests. TRUSTED...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4935)
This kernel update fixes the following security problems : - Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. (CVE-2008-0007) - Incorrect access mode checks could be used by local attackers to corrupt directory contents...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:151)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to and including 2.6.16-rc2, when running on x86_64 systems with preemption enabled, local users can cause a DoS (oops) via multiple ptrace tasks that perform single steps (CVE-2006-1066). Prior to 2.6.16, a...
phpMyAdmin Detection
The remote host is running phpMyAdmin, a web-based MySQL administration tool written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17219); script_version("1.29"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...
Git for Windows < 2.45.1 Multiple Vulnerabilities
The version of Git for Windows installed on the remote host is prior to 2.45.1, and therefore is affected by multiple vulnerabilities: - Recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion that can be exploited to execute just-cloned code...
Scientific Linux Security Update : java-11-openjdk on SL7.x i686/x86_64 (2022:1440)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:1440-1 advisory. - OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) - OpenJDK: Unbounded memory allocation when compilin...
Oracle Java SE Multiple Vulnerabilities (April 2022 CPU) deprecated
This plugin has been deprecated and will be replaced by oraclejavacpu2022apr.nasl. This will cover both Windows and Unix support for Java Oracle April 2022 CPU (C) Tenable, Inc. @DEPRECATED@ Disabled on 2022/05/04. Deprecated by oraclejavacpu2022apr.nasl. include('deprecated_nasl_level.inc');...
SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:0615-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0615-1 advisory. - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation ...
Oracle Linux 7 : qemu (ELSA-2022-9123)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9123 advisory. - Document CVE-2021-4158 and CVE-2021-3947 as fixed Mark Kanda Orabug: 33719302 Orabug: 33754145 CVE-2021-3947 CVE-2021-4158 - hw/block/fdc: Kludge...
Drupal 8.9.x < 8.9.20 Cross-Site Scripting
According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to its usage of a third party component,...
Oracle Linux 8 : kernel (ELSA-2021-4056)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4056 advisory. - RDMA/ucma: Rework ucma_migrate_id to avoid races with destroy Kamal Heib 1982040 1931846 CVE-2020-36385 - RDMA/ucma: Fix locking for ctx->events_reported...
SUSE SLES12: java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc (SUSE-SU-2021:2613-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2613-1 advisory. - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) -...
openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2409-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2409-1 advisory. - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain...
RHEL 8 : nodejs:12 (RHSA-2021:0549)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0549 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities
According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.5-p1. It is, therefore, affected by the following vulnerabilities in its subcomponents: - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue...
openSUSE Security Update : python3 (openSUSE-2020-2333)
This update for python3 fixes the following issues : - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 an...
IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.17 / 9.0.0.0 < 9.0.5.1 Multiple Vulnerabilities (964768)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities as follows: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while...
NewStart CGSL CORE 5.05 / MAIN 5.05 : qt Multiple Vulnerabilities (NS-SA-2020-0092)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872) - An issue was...
RHEL 8 : kernel (RHSA-2020:4286)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4286 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: bluetooth: type confusion...
RHEL 8 : firefox (RHSA-2020:3241)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3241 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Oracle Linux 8 : java-11-openjdk (ELSA-2020-1514)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1514 advisory. 1:11.0.7.10-1 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 1:11.0.7.10-1 - Amend release notes, removing...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3232-1)
This update for the Linux Kernel 4.4.121-92101 fixes several issues. The following security issues were fixed : CVE-2018-20856: Fixed a use-after-free in blk_drain_queue() due to an improper error handling (bsc#1156331). CVE-2019-13272: Fixed a privilege escalation from user to root due to improper...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of servic...
KB4520011: Windows 10 October 2019 Security Update
The remote Windows host is missing security update 4520011. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt...
NewStart CGSL MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0016)
The remote NewStart CGSL host, running version MAIN 5.04, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Jav...
NewStart CGSL MAIN 4.05 : samba4 Multiple Vulnerabilities (NS-SA-2019-0115)
The remote NewStart CGSL host, running version MAIN 4.05, has samba4 packages installed that are affected by multiple vulnerabilities: - An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a...
Ubuntu 16.04 LTS / 18.04 LTS : LibreOffice vulnerabilities (USN-4063-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4063-1 advisory. Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted...
Oracle Linux 6 : thunderbird (ELSA-2019-0159)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-0159 advisory. 60.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.4.0-1 - Update to 60.4.0 60.3.0-1 - Update to...
Security Updates for Microsoft Visual Studio Products (December 2018)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability : - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who...
Fedora 27 : community-mysql (2018-3a3c660bfa)
MySQL 5.7.23 Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Note that...
Oracle Database Server CVE-2018-3110
The remote Oracle Database Server is missing patches. It is, therefore, affected by CVE-2018-3110. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
RHEL 5 : kernel (RHSA-2018:0292)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0292 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: An industry-wide issue was found in th...
MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (January 2018 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...
RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2018:0005)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0005 advisory. The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AW...
openSUSE Security Update : the Linux Kernel (openSUSE-2017-1224) (KRACK)
The openSUSE Leap 42.2 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker...
Oracle Linux 6 : wpa_supplicant (ELSA-2017-2911)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2017-2911 advisory. - Fix backport errors (CVE-2017-13077, CVE-2017-13080) Tenable has extracted the preceding description block directly from the Oracle Linux security...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2510-1)
This update for the Linux Kernel 3.12.61-5266 fixes several issues. The following security bugs were fixed : - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368). Note that Tenable Network Security has...
CentOS 7 : graphite2 (CESA-2017:1793)
An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)
It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...
Oracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated,...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3055-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3055-1 advisory. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could u...
Amazon Linux AMI : ntp (ALAS-2016-649)
It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements...
RHEL 6 : kernel (RHSA-2015:2645)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2645 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA Instruction Set...
Debian DSA-3362-1 : qemu-kvm - security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. - CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process...
PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)
According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause ...
RHEL 5 : java-1.7.0-openjdk (RHSA-2015:0068)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0068 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3105)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3105 advisory. - HID: fix a couple of off-by-ones Jiri Kosina Orabug: 19849320 CVE-2014-3184 - ALSA: control: Protect user controls against concurrent access...
OracleVM 2.1 : kernel (OVMSA-2008-2005)
The remote OracleVM system is missing necessary patches to address critical security updates : - fix utrace dead_engine ops race - fix ptrace_attach leak - CVE-2007-5093: kernel PWC driver DoS - CVE-2007-6282: IPSec ESP kernel panics - CVE-2007-6712: kernel: infinite loop in highres timers kernel...
Mandriva Linux Security Advisory : file (MDVSA-2014:146)
A vulnerability has been found and corrected in file : file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk...