
337960 matches found

Tenable Nessus
• added 2010/10/11 12:00 a.m. • 256 views

SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6523)

IBM Java 1.4.2 was updated to SR13 FP1. It fixes the following two security issues: CVE-2009-2625: A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on. - A vulnerability in how...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.3038
Exploits: 3 | References: 4

Tenable Nessus
• added 2010/08/24 12:00 a.m. • 256 views

RHEL 3 / 4 : openoffice.org (RHSA-2010:0643)

Updated openoffice.org packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CVSS: 9.3 | AI score: 8 | EPSS: 0.07089
Exploits: 0 | References: 5

Tenable Nessus
• added 2010/05/14 12:00 a.m. • 256 views

c99shell Backdoor Detection

At least one instance of c99shell or a derivative, such as c100 or Locus7Shell is hosted on the remote web server. This is a PHP script that acts as a backdoor and provides a convenient set of tools for attacking the affected host. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...

AI score: 5.6
Exploits: 0 | References: 2

Tenable Nessus
• added 2009/09/28 12:00 a.m. • 256 views

Fedora 10 : gnutls-2.4.2-5.fc10 (2009-8622)

This update fixes handling of NUL characters in certificate Common Name or subjectAltName fields especially in regards to comparison to hostnames. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.02151
Exploits: 0 | References: 3

Tenable Nessus
• added 2009/09/08 12:00 a.m. • 256 views

openSUSE Security Update : OpenOffice_org (OpenOffice_org-1187)

This update of OpenOffice.org fixes potential buffer overflow in EMF parser code CVE-2009-2139, CVE-2009-2140 Thanks to Petr Mladek. Additionally Secunia reported an integer underflow CVE-2009-0200 and a buffer overflow CVE-2009-0201 that could be triggered while parsing Word documents...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.06722
Exploits: 1 | References: 7

Tenable Nessus
• added 2005/06/21 12:00 a.m. • 256 views

MercuryBoard User-Agent SQL Injection

The remote host is running MercuryBoard, an open source bulletin board system that uses PHP and MySQL. The installed version of MercuryBoard fails to remove malicious data from a User-Agent header before using it in a database query, making it prone to SQL injection attacks. An authenticated...

CVSS: 7.5 | AI score: 6 | EPSS: 0.02066
Exploits: 1 | References: 2

Tenable Nessus
• added 2024/09/13 12:00 a.m. • 255 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7009-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-1 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

CVSS: 9.8 | AI score: 7 | EPSS: 0.02701
Exploits: 4 | References: 218

Tenable Nessus
• added 2022/08/17 12:00 a.m. • 255 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2257)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.02913
Exploits: 7 | References: 9

Tenable Nessus
• added 2022/06/01 12:00 a.m. • 255 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1781)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.88106
Exploits: 113 | References: 4

Tenable Nessus
• added 2022/03/11 12:00 a.m. • 255 views

RHEL 8 : firefox (RHSA-2022:0816)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.33936
Exploits: 7 | References: 23

Tenable Nessus
• added 2022/01/06 12:00 a.m. • 255 views

EulerOS Virtualization 3.0.2.6 : ruby (EulerOS-SA-2021-2866)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.05061
Exploits: 1 | References: 4

Tenable Nessus
• added 2021/12/10 12:00 a.m. • 255 views

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2021-4160)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4160 advisory. - Security fix for CVE-2021-28957 Resolves: rhbz#1941534 - Fixes CVE-2020-27783 and another vulnerability in the HTML Cleaner - Fix for CVE-2021-33503...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.11586
Exploits: 7 | References: 8

Tenable Nessus
• added 2021/10/28 12:00 a.m. • 255 views

openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:3506-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3506-1 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...

CVSS: 8.5 | AI score: 6.9 | EPSS: 0.06604
Exploits: 5 | References: 23

Tenable Nessus
• added 2021/09/10 12:00 a.m. • 255 views

Security Updates for Microsoft Internet Explorer OOB (Sept 2021) (deprecated)

This plugin is a work-around and is being deprecated due to other superseded Microsoft Security patches. See Nessus Plugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383 %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2021/09/23. Deprecated due to patch...

AI score: 7.5 | EPSS: 0.96843
Exploits: 38 | References: 2

Tenable Nessus
• added 2021/07/16 12:00 a.m. • 255 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5011-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5011-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.03582
Exploits: 3 | References: 8

Tenable Nessus
• added 2021/05/20 12:00 a.m. • 255 views

Solaris 10 (x86) : 119784-47

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

CVSS: 6 | AI score: 6.3 | EPSS: 0.1309
Exploits: 1 | References: 4

Tenable Nessus
• added 2021/03/02 12:00 a.m. • 255 views

RHEL 8 : grub2 (RHSA-2021:0697)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0697 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

CVSS: 8.2 | AI score: 7.5 | EPSS: 0.01738
Exploits: 0 | References: 18

Tenable Nessus
• added 2021/02/23 12:00 a.m. • 255 views

Photon OS 2.0: Mysql PHSA-2021-2.0-0320

An update of the mysql package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0320. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(146769...

CVSS: 7.1 | AI score: 7.7 | EPSS: 0.03028
Exploits: 0 | References: 7

Tenable Nessus
• added 2021/01/14 12:00 a.m. • 255 views

Amazon Linux AMI : samba (ALAS-2021-1469)

The version of samba installed on the remote host is prior to 4.10.16-9.56. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1469 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to...

CVSS: 10 | AI score: 7.5 | EPSS: 0.99512
Exploits: 75 | References: 7

Tenable Nessus
• added 2020/11/20 12:00 a.m. • 255 views

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1491)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.265.b01-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1491 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supporte...

CVSS: 8.3 | AI score: 6.5 | EPSS: 0.04362
Exploits: 0 | References: 18

Tenable Nessus
• added 2020/11/04 12:00 a.m. • 255 views

RHEL 8 : thunderbird (RHSA-2020:4913)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4913 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.0. Security Fixes: Mozilla:...

CVSS: 9.8 | AI score: 8 | EPSS: 0.0262
Exploits: 0 | References: 6

Tenable Nessus
• added 2020/11/04 12:00 a.m. • 255 views

RHEL 8 : sqlite (RHSA-2020:4442)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4442 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.06683
Exploits: 1 | References: 20

Tenable Nessus
• added 2020/09/29 12:00 a.m. • 255 views

Debian DLA-2377-1 : qt4-x11 security update

Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit. CVE-2018-15518 Double-free or corruption in QXmlStreamReader during parsing of a specially crafted illegal XML document. CVE-2018-19869 A malformed SVG image causes a segmentation fault. CVE-2018-19870 A malforme...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.03915
Exploits: 1 | References: 10

Tenable Nessus
• added 2020/09/07 12:00 a.m. • 255 views

NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)

The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.46589
Exploits: 11 | References: 19

Tenable Nessus
• added 2020/08/27 12:00 a.m. • 255 views

openSUSE Security Update : python (openSUSE-2020-1257)

This update for python fixes the following issues : - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.06304
Exploits: 0 | References: 2

Tenable Nessus
• added 2020/07/02 12:00 a.m. • 255 views

Apple iCloud 7.x < 7.15 Multiple Vulnerabilities

According to its version, the iCloud application installed on the remote Windows host is 7.x prior to 7.15. It is, therefore, affected by multiple vulnerabilities: - Multiple arbitrary code execution vulnerabilities exist within the WebKit due to multiple memory corruption issues. An...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.09621
Exploits: 2 | References: 12

Tenable Nessus
• added 2020/06/18 12:00 a.m. • 255 views

SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). CVE-2020-1983: Fixed a use-after-free in the ip_reass...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.04027
Exploits: 1 | References: 23

Tenable Nessus
• added 2020/02/26 12:00 a.m. • 255 views

Photon OS 2.0: Nodejs PHSA-2020-2.0-0210

An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0210. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(13408...

CVSS: 5.9 | AI score: 7.4 | EPSS: 0.12154
Exploits: 0 | References: 3

Tenable Nessus
• added 2019/08/12 12:00 a.m. • 255 views

Oracle Linux 8 : kernel (ELSA-2019-1479)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1479 advisory. - net tcp: enforce tcp_min_snd_mss in tcp_mtu_probing Florian Westphal 1719922 1719923 CVE-2019-11479 - net tcp: add tcp_min_snd_mss sysctl Florian Westphal...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.98745
Exploits: 10 | References: 5

Tenable Nessus
• added 2019/07/09 12:00 a.m. • 255 views

RHEL 8 : firefox (RHSA-2019:1696)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1696 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS: 10 | AI score: 8.3 | EPSS: 0.55874
Exploits: 14 | References: 9

Tenable Nessus
• added 2019/05/14 12:00 a.m. • 255 views

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.98685
Exploits: 11 | References: 21

Tenable Nessus
• added 2019/02/22 12:00 a.m. • 255 views

Scientific Linux Security Update : firefox on SL7.x x86_64 (20190221)

Security Fixes : This update upgrades Firefox to version 60.5.1 ESR. Security Fixes : - chromium-browser, mozilla: Use after free in Skia CVE-2018-18356 mozilla: Integer overflow in Skia CVE-2019-5785 (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc')...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.0313
Exploits: 0 | References: 3

Tenable Nessus
• added 2019/02/07 12:00 a.m. • 255 views

Photon OS 1.0: Openjdk PHSA-2017-0016

An update of the openjdk package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0016. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121693);...

CVSS: 9.6 | AI score: 7 | EPSS: 0.32839
Exploits: 8 | References: 16

Tenable Nessus
• added 2018/10/23 12:00 a.m. • 255 views

SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:3289-1)

This update for tiff fixes the following issues : CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) CVE-2018-17101: There are two out-of-bounds write...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.041
Exploits: 3 | References: 18

Tenable Nessus
• added 2018/07/30 12:00 a.m. • 255 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2110-1)

This update for the Linux Kernel 3.12.74-606496 fixes one issue. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

CVSS: 5.6 | AI score: 7.1 | EPSS: 0.00611
Exploits: 0 | References: 4

Tenable Nessus
• added 2018/04/24 12:00 a.m. • 255 views

Fedora 26 : drupal8 (2018-922cc2fbaa) (Drupalgeddon 2)

8.3.9 - SA-CORE-2018-002 CVE-2018-7600 - 8.3.8 - SA-CORE-2018-001 CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.99993
Exploits: 47 | References: 7

Tenable Nessus
• added 2017/11/14 12:00 a.m. • 255 views

KB4048951: Security update for Adobe Flash Player (November 2017)

The remote Windows host is missing security update KB4048951. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(104547); script_version("1.13");...

CVSS: 10 | AI score: 9 | EPSS: 0.06518
Exploits: 0 | References: 7

Tenable Nessus
• added 2017/10/23 12:00 a.m. • 255 views

Oracle Linux 7 : kernel (ELSA-2017-2930-1) (BlueBorne)

Description of changes: - 3.10.0-693.5.2.0.1.el7.OL7 - ipc ipc/sem.c: bugfix for semctl,,GETZCNT Manfred Spraul orabug 22552377 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel olkmodsigningkey.x509alexey.petrenko at oracle.com - Update...

CVSS: 8 | AI score: 7.2 | EPSS: 0.20797
Exploits: 46 | References: 11

Tenable Nessus
• added 2017/09/08 12:00 a.m. • 255 views

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers relate...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.57472
Exploits: 4 | References: 6

Tenable Nessus
• added 2017/07/17 12:00 a.m. • 255 views

openSUSE Security Update : qemu (openSUSE-2017-822)

This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159). - CVE-2017-8379: Memory leak in the keyboard input...

CVSS: 9.9 | AI score: 7.5 | EPSS: 0.04544
Exploits: 1 | References: 50

Tenable Nessus
• added 2017/06/20 12:00 a.m. • 255 views

Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2017-7374 It was discovered that the stack guard page for processes in the Linux kernel was not...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.05186
Exploits: 10 | References: 11

Tenable Nessus
• added 2016/04/21 12:00 a.m. • 255 views

RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0650)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 10 | AI score: 7.4 | EPSS: 0.92334
Exploits: 1 | References: 13

Tenable Nessus
• added 2015/12/02 12:00 a.m. • 255 views

OracleVM 3.3 : kernel-uek (OVMSA-2015-0150)

The remote OracleVM system is missing necessary patches to address critical security updates : - ipc/sem.c: fully initialize sem_array before making it visible Manfred Spraul Orabug: 22277382 CVE-2015-7613 - ipc: fix msg newqueue add Guru Anbalagane Orabug: 22277382 CVE-2015-7613 - sctp: fix race ...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00549
Exploits: 2 | References: 3

Tenable Nessus
• added 2015/07/17 12:00 a.m. • 255 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3049)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3049 advisory. - ipv6: Don't reduce hop limit for an interface D.S. Ljungmark Orabug: 21444791 CVE-2015-2922 Tenable has extracted the preceding description block...

CVSS: 4.9 | AI score: 7.7 | EPSS: 0.03027
Exploits: 7 | References: 3

Tenable Nessus
• added 2014/09/23 12:00 a.m. • 255 views

Fedora 21 : kernel-3.16.3-300.fc21 (2014-11097)

Linux v3.16.3. Various bugfixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00764
Exploits: 1 | References: 7

Tenable Nessus
• added 2014/02/19 12:00 a.m. • 255 views

Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload UFI in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service panic. CVE-2013-4563 Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.10209
Exploits: 10 | References: 21

Tenable Nessus
• added 2013/08/08 12:00 a.m. • 255 views

CentOS 6 : nss / nss-util / nss-softokn / nspr (CESA-2013:1144)

Updated nss, nss-util, nss-softokn, and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...

CVSS: 5 | AI score: 7.1 | EPSS: 0.05213
Exploits: 0 | References: 3

Tenable Nessus
• added 2013/04/03 12:00 a.m. • 255 views

RHEL 6 : firefox (RHSA-2013:0696)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0696 advisory. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found ...

CVSS: 10 | AI score: 8.5 | EPSS: 0.07953
Exploits: 1 | References: 14

Tenable Nessus
• added 2011/01/14 12:00 a.m. • 255 views

CGI Generic Command Execution (time-based, intrusive)

The remote web server hosts CGI scripts that seem to fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host. Note that : - This script uses a time-based detection method that is less reliable than the basic...

AI score: 6
Exploits: 0 | References: 2

Tenable Nessus
• added 2010/08/12 12:00 a.m. • 255 views

CentOS 5 : kernel (CESA-2010:0610)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

CVSS: 10 | AI score: 7.2 | EPSS: 0.08984
Exploits: 5 | References: 9

Total number of security vulnerabilities: 5000