337960 matches found
openSUSE 10 Security Update : xpdf (xpdf-6376)
Specially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update xpdf-6376. The text...
Solaris 9 (sparc) : 141709-03
Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
Fedora 8 : awstats-6.8-3.fc8 (2008-10938)
Use Debian's patch for CVE-2008-3714 rh474396 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
SUSE SLED15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2024:2939-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2939-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...
Amazon Linux 2023 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2023-2023-001)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-001 advisory. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use...
RHEL 8 : kpatch-patch (RHSA-2022:5476)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5476 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...
IBM Java 6.0 < 6.0.16.30 / 6.1 < 6.1.8.30 / 7.0 < 7.0.9.50 / 7.1 < 7.1.3.50 / 8.0 < 8.0.3.10 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.30 / 6.1 < 6.1.8.30 / 7.0 < 7.0.9.50 / 7.1 < 7.1.3.50 / 8.0 < 8.0.3.10. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 19 2016 CPU advisory. - Unspecified vulnerability in Oracle Java SE...
AlmaLinux 8 : firefox (ALSA-2021:5013)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:5013 advisory. - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8 (Moderate) (RHSA-2021:5151)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5151 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.3.10 serves as a replacement for Red Hat JBoss Enterprise Application Platfo...
CentOS 8 : pcs (CESA-2021:4142)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4142 advisory. - jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 - jquery: Cross-site scripting XSS via HTML tags...
SUSE SLED15: glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / etc (SUSE-SU-2021:3385-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3385-1 advisory. - CVE-2021-35942: wordexp: handle overflow in positional parameter number bsc1187911 - CVE-2021-33574: Use pthreadattrcopy...
RHEL 8 : postgresql:9.6 (RHSA-2021:2393)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2393 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...
CentOS 8 : firefox (CESA-2021:1360)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1360 advisory. - Mozilla: More internal network hosts could have been probed by a malicious webpage CVE-2021-23961 - Mozilla: Out of bound write due to lazy...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4879-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4879-1 advisory. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to...
CentOS 8 : thunderbird (CESA-2020:2614)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:2614 advisory. - Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage CVE-2020-12398 - Mozilla: Use-after-free in SharedWorkerService...
EulerOS Virtualization 3.0.6.6 : perl (EulerOS-SA-2020-2459)
According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Perl before 5.30.3 has an integer overflow related to mishandling of a 'PL_regkind[OP(n)] == NOTHING' situation. A crafted regular...
FreeBSD : libxml -- multiple vulnerabilities (f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9)
CVE mitre reports : CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-24977 GNOME project libxml2...
Apple iCloud 10.x < 10.9.3 Multiple Vulnerabilities
According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.9.3. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved restrictions. A file URL may be incorrectly processed. CVE-2020-3885 - A logic issue w...
CentOS 6 : java-1.8.0-openjdk (RHSA-2020:1506)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u24...
EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1195)
According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through...
EulerOS 2.0 SP2 : binutils (EulerOS-SA-2019-2450)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++...
openSUSE Security Update : qemu (openSUSE-2019-2510)
This update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use-after-free fix in slirp. CVE-2018-20126 bsc1119991, CVE-2019-14378 bsc1143794, and CVE-2019-15890 bsc1149811...
RHEL 6 : kernel-rt (RHSA-2019:2730)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2730 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-1799)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - elflink.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has a 'member access within null pointer'...
CentOS 7 : curl (CESA-2019:1880)
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
NewStart CGSL MAIN 5.04 : kernel-rt Vulnerability (NS-SA-2019-0018)
The remote NewStart CGSL host, running version MAIN 5.04, has kernel-rt packages installed that are affected by a vulnerability: - A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event and vfs_rename while...
Debian DLA-1786-1 : qt4-x11 security update
Multiple issues have been addressed in Qt4. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-19869 A malformed SVG image could cause a segmentation fault in qsvghandler.cpp. CVE-2018-19870 A malformed GIF image might have caused a NUL...
openSUSE Security Update : apache2 (openSUSE-2019-1190)
This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these...
openSUSE Security Update : ImageMagick (openSUSE-2019-1141)
This update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function bsc1128649. - CVE-2018-18544: Fixed a memory leak in the function WriteMSLImage bsc1113064. - CVE-2018-20467: Fixed an infinite loop in coders/bmp....
Google Chrome < 73.0.3683.75 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 73.0.3683.75. It is, therefore, affected by multiple vulnerabilities as referenced in the 201903stable-channel-update-for-desktop12 advisory. - Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a...
Photon OS 1.0: Openjdk PHSA-2017-0040
An update of the openjdk package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0040. The text itself is copyright (C) VMware, Inc...
Fedora 28 : systemd (2018-24bd6c9d4a)
Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1643367 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1643372 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1643362 -...
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:3920-1)
java-1_7_0-ibm is updated to Java 7.0 Service Refresh 10 Fix Pack 35 bsc1116574 : Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-826)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1508-1)
This update for the Linux Kernel 4.4.121-9273 fixes one issue. The following security issue was fixed : - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use...
Amazon Linux AMI : httpd24 (ALAS-2018-1004)
Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to...
Cisco ASA Remote Code Execution and Denial of Service Vulnerability (cisco-sa-20180129-asa1) (destructive check)
The Cisco Adaptive Security Appliance ASA software running on the remote device is affected by a remote code execution vulnerability due to an issue with allocating and freeing memory when processing a malicious XML payload. An unauthenticated, remote attacker can exploit the issue to cause a...
openSUSE Security Update : xen (openSUSE-2017-799)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege XSA-217, bsc1042882 - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code allowed for information leaks and potentially...
EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125)
According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. (CVE-2015-8139) - N...
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1072)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and addition...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0571-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation bsc1024834. -...
Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL Vulnerabilities
The self-reported SGOS version installed on the remote Blue Coat ProxySG device is 6.5.x prior to 6.5.9.8 or 6.6.x prior to 6.6.4.1. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher function in file...
GLSA-201606-10 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201606-10 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a...
F5 Networks BIG-IP : Java vulnerabilities (K48802597)
CVE-2013-5825 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to...
CentOS 6 : samba (CESA-2016:0011)
Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available f...
RHEL 6 : php (RHSA-2015:1218)
Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...
IBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed)
The remote host has a version of IBM Rational ClearQuest 7.1.1.x / 7.1.2.x prior to 7.1.2.13.01 / 8.0.0.x prior to 8.0.0.10.01 / 8.0.1.x prior to 8.0.1.3.01 installed. It is, therefore, potentially affected by multiple vulnerabilities in the OpenSSL library : - An error exists related to the...
Oracle Linux 5 : kernel (ELSA-2014-2008)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-2008 advisory. kernel 2.6.18-400.1.1 - x86 traps: stop using IST for SS Petr Matousek 1172809 CVE-2014-9322 Tenable has extracted the preceding description block directly from...
Oracle Linux 7 : unbreakable enterprise kernel (ELSA-2014-3049)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3049 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)
Mozilla Thunderbird was updated to the 3.1.10 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...