Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2513)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2513 advisory. - wakeupprocess should be never used to wakeup a TASKSTOPPED/TRACED task Oleg Nesterov Orabug: 16405869 CVE-2013-0871 - ptrace: ensure...

CentOS 4 : php (CESA-2012:0071)

Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1743-1)

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator. Note that Tenable Network Security has extracted the preceding description...

CentOS 5 / 6 : thunderbird (CESA-2012:1483)

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox regression (USN-1548-2)

USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John...

Scientific Linux Security Update : samba on SL5.x, SL4.x, SL3.x i386/x86_64

A stack-based buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server. CVE-2007-6015 This update also fixes a regression...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8114)

This update fixes several security issues in PHP5 : - A directory traversal bug has been fixed in php5. CVE-2012-1172 - A command injection was possible when PHP5 was operated in CGI mode using commandline options. This problem does not affect PHP5 in the normal Apache module mode setup...

RHEL 5 : php53 (RHSA-2012:0547)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0547 advisory. - php: command line arguments injection when run in CGI mode VU520827 CVE-2012-1823 Note that Nessus has not tested for this issue but has instead...

Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform : - CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. - CVE-2011-3521 The CORBA implementation contains a...

Mandriva Linux Security Advisory : php (MDVSA-2011:165)

Multiple vulnerabilities has been identified and fixed in php : Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact by using the same variabl...

FreeBSD : mozilla -- multiple vulnerabilities (45f102cd-4456-11e0-9580-4061862b8c22)

The Mozilla Project reports : MFSA 2011-01 Miscellaneous memory safety hazards rv:1.9.2.14/ 1.9.1.17 MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true MFSA 2011-03 Use-after-free error in JSON.stringify MFSA 2011-04 Buffer overflow in JavaScript upvarMap MFSA 2011-05...

SuSE 11 / 11.1 Security Update : OpenOffice_org (SAT Patch Numbers 3087 / 3089)

Specially crafted ppt files could cause a heap-based buffer overflow in OpenOfficeorg Impress. Attackers could exploit that to crash OpenOfficeorg or potentially even execute arbitrary code. CVE-2010-2935 / CVE-2010-2936 This update also fixes numerous non-security bugs. Please refer to the packa...

Mozilla Firefox < 3.0.16 / 3.5.6 Multiple Vulnerabilities

Binary data 5264.prm...

FreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)

Apache ChangeLog reports : CVE-2009-1891: Fix a potential Denial-of-Service attack against moddeflate or other modules. CVE-2009-1195: Prevent the 'Includes' Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. CVE-2009-1890: Fix a potential...

RHEL 5 : poppler (RHSA-2009:0480)

Updated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format PDF rendering library, used by applications such...

Web Server UPnP Detection

Nessus was able to extract some information about the UPnP-enabled device by querying this web server. Services may also be reachable through SOAP requests. TRUSTED...

IBM Java 7.0 < 7.0.10.40 / 7.1 < 7.1.4.40 / 8.0 < 8.0.5.30 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.40 / 7.1 7.1.4.40 / 8.0 8.0.5.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 15 2019 CPU advisory. - An issue was discovered in libjpeg 9a and 9d. The allocsarray function i...

AlmaLinux 8 : GNOME (ALSA-2020:4451)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4451 advisory. - A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud...

Drupal 8.9.x < 8.9.20 Cross-Site Scripting

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to its usage of a third party component,...

SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2021:2409-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2409-1 advisory. The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

RHEL 8 : kpatch-patch (RHSA-2021:1173)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1173 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

OpenSSL 1.1.1 < 1.1.1j Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1j. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1j advisory. - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial numb...

EulerOS 2.0 SP8 : nss-softokn (EulerOS-SA-2021-1155)

According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the application...

Amazon Linux AMI : mysql56 (ALAS-2021-1464)

The version of mysql56 installed on the remote host is prior to 5.6.50-1.38. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1464 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that...

FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)

Chrome Releases reports : This release includes 5 security fixes : - 1125337 High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebijp on 2020-09-06 - 1135018 High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05 - 1137630 High CVE-2020-16002:...

RHEL 7 : kernel (RHSA-2020:3226)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3226 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: kernel: DAX hugepages not...

Oracle Linux 8 : kernel (ELSA-2020-2102)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2102 advisory. - net netlabel: cope with NULL catmap Paolo Abeni 1827249 1827251 CVE-2020-10711 - mm s390/mm: fix page table upgrade vs 2ndary address mode accesses...

Photon OS 1.0: Python2 PHSA-2020-1.0-0288

An update of the python2 package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0288. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2637)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by...

openSUSE Security Update : xen (openSUSE-2019-2508)

This update for xen fixes the following issues : - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. bsc1155945 -...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)

OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because pngimagefreefunction...

Mozilla Firefox ESR < 60.6

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-08 advisory. - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with th...

Mozilla Firefox ESR < 60.5.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-05 advisory. - A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a...

Photon OS 1.0: Linux PHSA-2017-0001

An update of the linux package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0001. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121664;...

Oracle Business Intelligence Publisher Multiple Vulnerabilities (January 2018 CPU)

The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.180116 or 12.2.1.2.x prior to 12.2.1.2.180116 or 12.2.1.3.x prior to 12.2.1.3.180116. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch...

RHEL 6 : firefox (RHSA-2018:3831)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3831 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1179)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms...

SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...

RHEL 6 : kernel (RHSA-2017:2428)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2428 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: The NFSv2 and NFSv3 server implementations in t...

RHEL 7 : kernel-rt (RHSA-2016:1051)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1051 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstrea...

Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35)

This update contains minor security fixes for CVE-2016-3075, CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779 and collects fixes for bugs encountered by Fedora users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CentOS 7 : java-1.8.0-openjdk (CESA-2016:0650)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Fedora 21 : ntp (2015-77bfbc1bcd)

The remote Fedora 21 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2015-77bfbc1bcd advisory. Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 ---- Securit...

Fedora 23 : icu-54.1-5.fc23 (2015-16315)

Security fix for CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926 CVE-2014-9654 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible withou...

CentOS 6 : kernel (CESA-2013:1645)

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has...

Amazon Linux AMI : kernel (ALAS-2014-363)

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification. C Tenable Network Security, Inc...

openSUSE Security Update : kernel (openSUSE-SU-2014:0985-1)

The Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users...

openSUSE Security Update : seamonkey (seamonkey-4113)

Mozilla SeaMonkey was updated to version 2.0.12, fixing various security issues. Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

RHEL 6 : java-1.7.0-openjdk (RHSA-2014:0026)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0026 advisory. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was...

Ubuntu 12.10 : linux vulnerabilities (USN-2071-1)

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...