Amazon Linux 2 : kernel, --advisory ALAS2-2022-1768 (ALAS-2022-1768)

The version of kernel installed on the remote host is prior to 4.14.273-207.502. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1768 advisory. A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw...

Security Updates for Exchange (January 2022)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary code. %NASLMINLEVEL 70300 C Tenable, Inc...

Apache Log4Shell RCE detection via callback correlation (Direct Check SSH)

Binary data apachelog4shellssh.nbin...

CentOS 8 : gcc-toolset-10-gcc (CESA-2021:4585)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4585 advisory. - Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 Note that Nessus has not tested for thi...

CentOS 7 : firefox (RHSA-2021:4116)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4116 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

RHEL 8 : postgresql:9.6 (RHSA-2021:2360)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2360 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

SUSE SLES11 Security Update : openssl (SUSE-SU-2019:14249-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14249-1 advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very...

Microsoft Windows 10 Version 1809 Unsupported Version Detection

Microsoft Windows 10 version 1809 is running on the remote host. Microsoft ended support for Windows 10 version 1809 Home/Pro on November 10, 2020 and Windows 10 version 1809 Enterprise/Educational on May 11, 2021. Lack of support implies that no new security patches for the product will be...

RHEL 8 : kernel-rt (RHSA-2021:0136)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0136 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9005 advisory. - target: fix XCOPY NAA identifier lookup David Disseldorp Orabug: 32248040 CVE-2020-28374 - xenbus/xenbusbackend: Disallow pending watch messages...

SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)

This update for samba fixes the following issues : Update to 4.10.18 ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NR...

openSUSE Security Update : mariadb (openSUSE-2020-2149)

This update for mariadb and mariadb-connector-c fixes the following issues : - Update mariadb to 10.2.36 GA bsc1177472, bsc1178428 fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.1...

Oracle Linux 6 : firefox (ELSA-2020-3233)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3233 advisory. 68.11.0-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one Thu Jul 23 2020 Jan Horak - Update to...

openSUSE Security Update : apache2 (openSUSE-2019-2051) (Internal Data Buffering)

This update for apache2 fixes the following issues : Security issues fixed : - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering bsc1145575. - CVE-2019-10081: Fixed modhttp2 that is vulnerable to memory corruption on early pushes bsc1145742. -...

EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1795)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The filecheckmem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x befo...

Oracle Linux 7 : java-11-openjdk (ELSA-2019-0778)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0778 advisory. 1:11.0.3.7-0.0.1 - link atomic for ix86 build 1:11.0.3.7-0 - Add -mstackrealign workaround to build flags to avoid SSE issues on x86 - Resolves:...

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1258)

According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receiv...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-664)

This update for MozillaThunderbird to version 60.0 fixes the following issues : These security issues were fixed : - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element bsc1098998. - CVE-2018-12360: Prevent use-after-free when using focus bsc1098998. - CVE-2018-12361:...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-597)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP...

Fedora 28 : kernel / kernel-headers / kernel-tools (2018-1621b2204a)

This is a rebase to the v4.19.x kernel and includes new features and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

MySQL 5.6.x < 5.6.42 Multiple Vulnerabilities (October 2018 CPU)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.42. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...

GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201810-01 Mozilla Firefox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view...

Amazon Linux 2 : qemu-kvm (ALAS-2018-1073)

A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1944-1)

This update for the Linux Kernel 4.4.103-9256 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4114 advisory. - KVM: SVM: Move spec control call after restore of GS Thomas Gleixner CVE-2018-3639 - x86/bugs: Fix the parameters alignment and missing void Konr...

RHEL 6 : kernel-rt (RHSA-2018:1354)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1354 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

GLSA-201804-08 : QEMU: Multiple vulnerabilities (Spectre)

The remote host is affected by the vulnerability described in GLSA-201804-08 QEMU: Multiple vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of...

RHEL 6 : MRG (RHSA-2018:0470)

Updated Red Hat Enterprise Messaging, Realtime, and Grid MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scorin...

Fedora 26 : hostapd (2017-45044b6b33) (KRACK)

Latest hostapd release with KRACK patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

PHP 7.1.x < 7.1.11 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.11. It is, therefore, affected by multiple vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid104633;...

Windows 8.1 and Windows Server 2012 R2 June 2017 Security Updates

The remote Windows host is missing security update 4022717 or cumulative update 4022726. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An...

Windows Server 2012 May 2017 Security Updates

The remote Windows host is missing security update 4019214 or cumulative update 4019216. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this,...

EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1011)

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when...

EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1015)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-3161-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-3 advisory. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to...

Fedora 25 : kernel (2016-c8a0c7eece) (Dirty COW)

The 4.8.3 stable update contains a number of important fixes across the tree. In particular, it includes a fix for CVE-2016-5195. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...

Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)

The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsaameth.c due to improper handling of ASN.1 signatures that are...

Debian DLA-439-1 : linux-2.6 security update

This update fixes the CVEs described below. CVE-2015-8812 A flaw was found in the iwcxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20160216)

It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. CVE-2015-7872, Important - A flaw was found in the way the Linux kernel...

openSUSE Security Update : mozilla-nss (openSUSE-2015-978) (SLOTH)

This update to mozilla-nss 3.20.2 fixes the following issues : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature boo952810 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

GLSA-201502-15 : Samba: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201502-15 Samba: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitra...

Amazon Linux AMI : php55 (ALAS-2015-474)

sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...

CentOS 5 / 6 : php / php53 (CESA-2014:1012)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CentOS 6 : kernel (CESA-2013:1436)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-185)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384 Multiple improper permission check issues were...

Oracle Linux 5 : firefox (ELSA-2010-0547)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0547 advisory. firefox: 3.6.7-2.0.1.el5 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones...

Mozilla Thunderbird < 17.0.5 Multiple Vulnerabilities

Binary data 6736.prm...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)

MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session...

FreeBSD : mozilla -- multiple vulnerabilities (6c8ad3e8-0a30-11e1-9580-4061862b8c22)

The Mozilla Project reports : MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch MFSA 2011-47 Potential XSS against sites using Shift-JIS MFSA 2011-48 Miscellaneous memory safety hazards rv:8.0 MFSA 2011-49 Memory corruption while profiling using Firebug MFSA 2011-50...

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6883)

This update of OpenOfficeorg includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption...