337960 matches found
Mozilla Firefox < 66.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some...
Apache 2.4.17 / 2.4.18 DoS
According to its banner, the version of Apache running on the remote host is either 2.4.17 or 2.4.18. A denial of service DoS vulnerability exists in server threads due to a lengthy thread-block time. An unauthenticated, remote attacker can exploit this issue, to block server threads, and causing...
Photon OS 1.0: Zlib PHSA-2017-0021
An update of the zlib package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0021. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121704;...
Dell iDRAC Products Multiple Vulnerabilities (June 2018)
The remote host is running iDRAC6 with a firmware version prior to 2.91, iDRAC7 or iDRAC8 with a firmware version prior to 2.60.60.60, or iDRAC9 with a firmware version prior to 3.21.21.21 and is therefore affected by multiple vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CentOS 7 : firefox (CESA-2018:2113)
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
KB4284880: Windows 10 Version 1607 and Windows Server 2016 June 2018 Security Update
The remote Windows host is missing security update 4284880. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Human Interface Device HID Parser Library driver improperly handles objects in memory. An attacker who successfully...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1007)
Unbounded memory allocation during deserialization in NamedNodeMapImpl JAXP, 8189993 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit:...
Debian DSA-4075-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender's email addresses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0164)
The remote OracleVM system is missing necessary patches to address critical security updates : - mqueue: fix a use-after-free in sysmqnotify Cong Wang Orabug: 26643556 CVE-2017-11176 - ipv6: avoid overflow of offset in ip6find1stfragopt Sabrina Dubroca Orabug: 27011273 CVE-2017-7542 - packet: fix...
Mozilla Thunderbird < 45.8 Multiple Vulnerabilities (macOS)
The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.8. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru...
SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:0412-1)
This mariadb version update to 10.0.29 fixes the following issues : - CVE-2017-3318: unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3312: insecure error log file handling in mysqldsafe, incomplete...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-771)
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. CVE-2016-5542 A flaw was found in the way the JMX...
RHEL 6 : kernel (RHSA-2016:2105)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2105 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A race condition was found in the way the Linux...
RHEL 7 : samba (RHSA-2016:0618)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0618 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
PHP 5.6.x < 5.6.20 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.20. It is, therefore, affected by multiple vulnerabilities : - A buffer over-write condition exists in the finfoopen function due to improper validation of magic files. An unauthenticated, remote...
Fedora 22 : glibc-2.21-11.fc22 (2016-0480defc94)
This updates addresses a critical security vulnerability in the DNS resolver related to AFUNSPEC queries with getaddrinfo CVE-2015-7547. It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves malloc scalability for applications which start and terminate many threads. The...
openSUSE Security Update : xen (openSUSE-2015-893)
This update fixes the following security issues : - bsc947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen xsa-142 - bsc954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via DB exception - bsc954018 - CVE-2015-5307: xen:...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2696-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2696-1 advisory. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit...
RHEL 5 : kernel (RHSA-2015:1120)
Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.9 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-517)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)
The remote host is affected by the vulnerability described in GLSA-201503-04 GNU C Library: Multiple vulnerabilities Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01) (GHOST)
New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-028-01. The text itself is...
ManageEngine Password Manager Pro Default Credentials
The remote ManageEngine Password Manager Pro web administration interface uses a known set of default credentials. An attacker can use these to gain access to the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
Mac OS X : Java for OS X 2014-001
The remote Mac OS X 10.7, 10.8, 10.9, or 10.10 host has a Java runtime that is missing the Java for OS X 2014-001 update, which updates the Java version to 1.6.065. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to...
Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)
The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.4.1.15 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow...
Oracle Linux 5 : kernel (ELSA-2014-0433)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0433 advisory. - virt HID: memory corruption flaw drivers/usb/input/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - virt HID: memory corruption flaw in...
RHEL 5 : kvm (RHSA-2014:0163)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0163 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module bui...
Alcatel OmniSwitch Default Credentials (ftp)
It is possible to log into the remote Alcatel OmniSwitch by providing the default credentials via FTP. A remote attacker could exploit this to gain administrative control of the remote device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70210;...
Cisco Wireless LAN Controller (WLC) Version
The remote host is running Cisco Wireless LAN Controller WLC, an operating system for Cisco switches. It is possible to read the WLC version by connecting to the switch using SSH, SNMP, and/or CAPWAP. TRUSTED...
Oracle Linux 5 : firefox (ELSA-2008-0207)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0207 advisory. 1.5.0.12-14.0.1 - Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js 1.5.0.12-14 - Fix assertions from script 1.5.0.12-13 -...
Oracle Linux 5 : kernel (ELSA-2008-0612)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0612 advisory. - tty add NULL pointer checks Aristeu Rozanski 453425 453154 CVE-2008-2812 - net sctp: make sure sctpaddr does not overflow David S. Miller 452482 4524...
RHEL 6 : kernel (RHSA-2012:1580)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1580 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: It wa...
RHEL 6 : kernel (RHSA-2012:0743)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0743 advisory. - kernel: drm: integer overflow in drmmodedirtyfbioctl CVE-2012-0044 - kernel: thp:splithugepage mapcount != pagemapcount BUGON CVE-2012-117...
CentOS 5 : java-1.6.0-openjdk (CESA-2012:0730)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Ubuntu 11.04 : linux vulnerabilities (USN-1432-1)
A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. CVE-2011-4086 A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to...
RHEL 6 : kernel (RHSA-2011:1849)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1849 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: Using the SGIO IOCTL to issue SCSI...
MS11-027: Cumulative Security Update of ActiveX Kill Bits (2508272)
The remote Windows host has one or more ActiveX controls installed that could be abused to execute arbitrary code remotely if a user can be tricked into viewing a malicious web page using Internet Explorer. Three of these controls are from Microsoft itself while the others are from third-party...
openSUSE Security Update : kdelibs3 (kdelibs3-1648)
KDE KDELibs Remote Array Overrun Arbitrary code execution, CVE-2009-0689 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update kdelibs3-1648. The text description of this plugin is C SUSE LLC...
SuSE9 Security Update : Apache 2 (YOU Patch Number 12526)
This update of the Apache webserver fixes various security issues : - modproxy could run into an infinite loop when used as reverse proxy. CVE-2009-1890 - moddeflate continued to compress large files even after a network connection was closed, causing moddeflate to consume large amounts of CPU...
RHEL 5 : kernel (RHSA-2009:0264)
Updated kernel packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system...
Fedora 8 : kernel-2.6.26.6-49.fc8 (2008-8980)
Update kernel from version 2.6.26.5 to 2.6.26.6: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.6 CVE-2008-3831 An IOCTL in the i915 driver was not properly restricted to users with the proper capabilities to use it. CVE-2008-4410 The vmiwriteldtentry function in...
GLSA-200808-03 : Mozilla products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200808-03 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS...
Mozilla Thunderbird < 2.0.0.16 Multiple Vulnerabilities
The installed version of Thunderbird is affected by various security issues : - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption MFSA 2008-21. - By taking advantage of the privilege level stored in the pre-compiled 'fastload' file, an attacker...
Mambo / Joomla! Multiple Components 'mosConfig_live_site' Parameter Remote File Include
A third-party component for Mambo or Joomla! is running on the remote host. At least one such component is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfiglivesite' parameter before using it to include PHP code. Provided the PHP...
Multiple Linux rpc.mountd Remote Overflow
The remote mount daemon seems to have a buffer overflow vulnerability. A remote attacker could exploit this to execute arbitrary code as root. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11337; scriptversion"1.18"; scriptcvsdate"Date: 2018/07/16 14:09:13";...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20100)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20100 advisory. - xen/netfront: fix crash when removing device Juergen Gross Orabug: 37427542 CVE-2024-53240 - net: lapb: increase LAPBHEADERLEN Eric Dumazet...
Oracle E-Business Suite (Jul 2022 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Oracle E-Business Suite Information Discovery product of Oracle E-Business Suite component: Packaging issues Apache...
NewStart CGSL MAIN 6.02 : glib2 Multiple Vulnerabilities (NS-SA-2022-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has glib2 packages installed that are affected by multiple vulnerabilities: - The keyfile settings backend in GNOME GLib aka glib2.0 before 2.60.0 creates directories using gfilemakedirectorywithparents kfsb-dir, NULL, NULL and files using...
EulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2022-1559)
According to the versions of the compat-openssl10 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...