337960 matches found
Fedora 31 : apache-commons-beanutils (2019-bcad44b5d6)
Update to version 1.9.4. Resolves CVE-2019-10086. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...
Fedora 29 : python2 / python2-docs (2019-758824a3ff)
Python 2.7.17 is a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. https://www.python.org/downloads/release/python-2717/ - Security fix for CVE-2018-20852. - Security fix for CVE-2019-16056. - Security fix for CVE-2019-16935. Note that...
openSUSE Security Update : go1.12 (openSUSE-2019-2000) (Ping Flood) (Reset Flood)
This update for go1.12 fixes the following issues : Security issues fixed : - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth. (bsc#1146111) - CVE-2019-9514: Fixed HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of...
EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid o...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1425-1)
This update for the Linux Kernel 3.12.74-6064110- fixes one issue. The following security issue was fixed : CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service...
Amazon Linux 2 : python-urllib3 (ALAS-2019-1211)
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...
Fedora 29 : httpd (2019-119b14075a)
This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39 The following security vulnerabilities are addressed : - CVE-2019-0211...
Amazon Linux 2 : kernel (ALAS-2018-939) (Meltdown) (Spectre)
An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously...
Apache POI < 3.17 Multiple DoS Vulnerabilities
The version of Apache POI installed on the remote host is a version prior to 3.17. It is, therefore, affected by multiple DoS vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. ...
Security Updates for Microsoft Sharepoint Server (October 2017)
The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an...
Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)
The remote Windows host is missing security update 4041678 or cumulative update 4041681. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in...
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-047)
According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which...
Debian DLA-896-1 : icedove/thunderbird security update
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. With version 45.8 Debian drops its custom branding from the Icedove package an...
McAfee VirusScan Enterprise < 8.8 Patch 6/7 Hotfix 1123565 Protection Bypass Vulnerability (SB10158)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is 8.8 Patch 6 or Patch 7 without Hotfix 1123565. It is, therefore, affected by a flaw related to closing registry handles for the McAfee VirusScan Console process. A local attacker with Windows administrative...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20160512)
Security Fixes : - A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privilege...
Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20160120) (SLOTH)
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...
RHEL 6 : samba (RHSA-2016:0011)
Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
Scientific Linux Security Update : NetworkManager on SL7.x x86_64 (20151119)
It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to...
Xerox WorkCentre 6400 OpenSSL RSA Temporary Key Handling EXPORT_RSA Ciphers Downgrade MitM (XRX15AP) (FREAK)
According to its model number and software version, the remote Xerox WorkCentre 6400 device is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) A flaw was fou...
Debian DSA-3290-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption. - CVE-2015-1805 Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20150126) (POODLE)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and...
SuSE 11.3 Security Update : openwsman (SAT Patch Number 9902)
This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the server section : ssl_disabled_protocols = SSLv2 SSLv3 ...
RHEL 6 : kernel (RHSA-2013:1026)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1026 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A...
openSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)
The Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEU...
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)
Changes in MozillaThunderbird : - update to Thunderbird 17.0 (bnc#790140) - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location...
openSUSE Security Update : kernel (openSUSE-SU-2010:0734-1)
This updated openSUSE 11.3 kernel fixes the following security bugs : CVE-2010-3310: local users could corrupt kernel heap memory via ROSE sockets. CVE-2010-2962: local users could write to any kernel memory location via the i915 GEM ioctl interface. Additionally the update restores the...
Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)
It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution...
Default Password (netoptics) for 'admin' Account
The account 'admin' on the remote host has the password 'netoptics'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Net Optics taps are known to use these credentials as factory defaults. ...
Ubuntu 12.10 / 13.04 : openjdk-7 vulnerabilities (USN-1907-1)
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458) A vulnerability was discovered in the OpenJDK Javadoc related to...
Oracle Linux 4 : kernel (ELSA-2010-0474)
From Red Hat Security Advisory 2010:0474 : Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CV...
Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0599)
From Red Hat Security Advisory 2008:0599 : Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 16th July 2008 The original se...
Oracle Linux 5 / 6 : postgresql / and / postgresql84 (ELSA-2012-1037)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1037 advisory. - Update to PostgreSQL 8.4.12, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-12.html including the fixes for...
CentOS 3 / 5 : httpd (CESA-2009:1579)
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the...
FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)
The Mozilla Project reports : MFSA 2013-01 Miscellaneous memory safety hazards rv:18.0/ rv:10.0.12 / rv:17.0.2 MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA...
Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities
RHEL 4 / 5 : thunderbird (RHSA-2010:0780)
The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2010:0780 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content...
Fedora 13 : seamonkey-2.0.4-1.fc13 (2010-6236)
Update to new upstream SeaMonkey version 2.0.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178...
Mozilla Firefox < 3.5.10 Multiple Vulnerabilities
RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java Runtim...
Slackware 12.1 / 12.2 / 13.0 / current : gnutls (SSA:2009-290-01)
New gnutls packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix a security issue. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-290-01. The text itself is...
SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)
The Sun JDK 6 was updated to Update13 to fix various bugs and security issues. - LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close...
RHEL 4 : kernel (RHSA-2008:0508)
Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating...
RunCMS Multiple Script bbPath Parameter Remote File Inclusion
The installed version of RunCMS fails to validate user input to the 'bbPath' parameter of two scripts. An unauthenticated attacker may be able to leverage this issue to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts. Note that...
GNOME Shell <= 45.7 Code Execution in Portal Helper (CVE-2024-36472)
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
RHEL 7 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c CVE-2019-15505 - kernel: lack of...
CentOS 7 : zlib (RHSA-2023:1095)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1095 advisory. - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications...
Oracle Linux 8 : kernel (ELSA-2022-5819)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5819 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - tcp: drop the hash32 part from the index calculation Guillaume Nault 2087130 2064876...
SUSE SLES15: kernel-livepatch-5_3_18-150300_59_71-default / etc (SUSE-SU-2022:2696-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2696-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_71 fixes several issues. The following security issues were fixed: - CVE-2022-34918: Fixed a...
Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability
The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory. - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentiall...