RHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1722 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
Scientific Linux Security Update : libvirt on SL7.x x86_64 (20180522) (Spectre)
Security Fixes : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0114-1) (Meltdown) (Spectre)
The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes...
OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)
The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN Tariq Saeed...
Ubuntu 12.04 LTS : linux, linux-ti-omap4 vulnerability (USN-3218-1)
Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Note that Tenable Network Security has extracte...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-693)
It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2016-0686 It was...
Fedora 23 : community-mysql-5.6.29-1.fc23 (2016-65a1f22818)
This is an update to 5.6.29 that delivers also all fixes for CVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862,...
F5 Networks BIG-IP : Linux kernel vulnerability (K17241)
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. CVE-2014-9585 Impact When exploite...
RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1604) (Logjam)
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6 and 5.7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-0809)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0809 advisory. 1:1.8.0.45-30.b13 - repacked sources - Resolves: RHBZ1209076 1:1.8.0.45-7.b13 - Re-add %name prefix to patches to avoid conflicts with OpenJDK 7...
Oracle Solaris Third-Party Patch Update : ntp (cve_2013_5211_input_validation)
The remote Solaris system is missing necessary patches to address security updates : - The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploite...
RHEL 6 : JBoss EWP (RHSA-2013:0195)
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
RHEL 6 : kernel (RHSA-2014:0512)
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)
According to its self-reported version, the remote NX-OS device is affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to...
Oracle Linux 5 : kernel (ELSA-2014-0926)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0926 advisory. - infiniband rds: do not deref NULL dev in rds_iw_laddr_check Jacob Tanenbaum 1093311 1093312 CVE-2014-2678 - xen page-alloc: scrub anonymous domain heap...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1288-1)
java-1_7_0-openjdk was updated to icedtea-2.4.1 bnc828665 - Security fixes - S6741606, CVE-2013-2407: Integrate Apache Santuario - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls - S7170730, CVE-2013-2451: Improve Windows network stack support. - S8000638, CVE-2013-2450: Improv...
Oracle Linux 5 : kernel (ELSA-2013-1449-1)
From Red Hat Security Advisory 2013:1449 : Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS)...
Mandriva Linux Security Advisory : python (MDVSA-2013:117)
Updated python packages fix security vulnerabilities : A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this fla...
Mac OS X : Java for Mac OS X 10.5 Update 9
The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the...
CentOS 4 / 5 : firefox / seamonkey (CESA-2009:1430)
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...
Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-178-01)
New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-178-01...
FreeBSD : mozilla -- multiple vulnerabilities (da185955-5738-11de-b857-000f20797ede)
Mozilla Foundation reports : MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an elemen...
Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from...
RHEL 4 / 5 : tetex (RHSA-2007:1027)
Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting...
openSUSE 10 Security Update : seamonkey (seamonkey-3632)
This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...
Debian DSA-1348-1 : poppler - integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. poppler includes a copy of the xpdf code and required an update as well. The oldstable distribution (sarge) doesn't include poppler. ...
Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203)
The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported...
Security Updates for Microsoft SQL Server (October 2023)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A Denial of Service vulnerability. An attacker could impact availability of the service resulting in Denial of Service (DoS). (CVE-2023-36728) Note that...
KB5030214: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2023)
The remote Windows host is missing security update 5030214. It is, therefore, affected by multiple vulnerabilities - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2023-35355 - DHCP Server Service Denial of Service Vulnerability CVE-2023-38162 - Windows GDI...
Security Updates for Microsoft Visual Studio Products (August 2022)
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Fbx File parser Heap overflow Vulnerability. CVE-2022-35777, CVE-2022-35826 - Fbx File parser OOBW Vulnerability. CVE-2022-35825, CVE-2022-35827 Note that Nessus has not...
SUSE SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:2216-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2216-1 advisory. - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-019)
The version of kernel installed on the remote host is prior to 5.4.91-41.139. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-019 advisory. A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set...
SUSE SLES12: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2022:1402-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1402-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
RHEL 7 : kernel (RHSA-2022:1104)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1104 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use after free in eventpoll.c...
EulerOS 2.0 SP3 : vim (EulerOS-SA-2022-1193)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3927 - vim is vulnerable to Use After Free CVE-2021-3796,...
RHEL 8 : kpatch-patch (RHSA-2022:0335)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0335 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...
ManageEngine ServiceDesk Plus < 11.2 Build 11205 RCE
A command injection vulnerability exists in ManageEngine ServiceDesk Plus 11.2 Build 11205 due to insufficient sanitisation of user supplied input. An authenticated, remote attacker can exploit this to execute arbitrary commands with SYSTEM privileges. Note that Nessus has not tested for this iss...
AngularJS < 1.8.0 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.8.0. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability through the wrapping of elements in ones. Note that the scanner has not tested for these issues but has instead relied only on the application's...
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2021-1275)
According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while...
KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update
The remote Windows host is missing security update 4592440. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962,...
CentOS 7 : freetype (RHSA-2020:4907)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4907 advisory. - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
Fedora 32 : 1:java-1.8.0-openjdk (2020-a405eea76a)
New in release OpenJDK 8u272 (2020-10-20): Full versions of these release notes can be found at : - https://bitly.com/openjdk8u272 - https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt New features - JDK-8245468: Add TLSv1.3...
EulerOS Virtualization 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1790)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service...
Oracle Linux 8 : kernel (ELSA-2020-2427)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-2427 advisory. - documentation x86/speculation: Add Ivy Bridge to affected list Josh Poimboeuf 1827191 1827192 CVE-2020-0543 - documentation x86/speculation: Add SRBDS...
Photon OS 1.0: Mysql PHSA-2020-1.0-0292
An update of the mysql package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0292. The text itself is copyright (C) VMware, Inc. ...
Fedora 30 : glibc (2020-7f625c5ea8)
This update incorporates fixes from the upstream glibc 2.29 stable release branch, including 3 fixes for medium severity security vulnerabilities. CVE-2020-10029, CVE-2020-1752, CVE-2020-1751 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1308)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the...
RHEL 6 : kernel-rt (RHSA-2020:0609)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0609 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Mozilla Firefox ESR < 68.4.1
The version of Firefox ESR installed on the remote Windows host is prior to 68.4.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are...
RHEL 8 : container-tools:rhel8 (RHSA-2019:4269)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4269 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: HTTP/2:...