NewStart CGSL MAIN 6.02 : kernel Vulnerability (NS-SA-2022-0068)
The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by a vulnerability: - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP...
AlmaLinux 8 : gcc-toolset-10-annobin (ALSA-2021:4592)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4592 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2021-2007)
According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from...
RHEL 8 : openssl (RHSA-2021:1131)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1131 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
Fedora 32 : kernel / kernel-headers / kernel-tools (2021-14f6642aa6)
The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-14f6642aa6 advisory. - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications fro...
RHEL 7 : java-1.7.1-ibm (RHSA-2020:5586)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5586 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200806)
Security Fixes : - chromium-browser: Use after free in ANGLE (CVE-2020-6463) - chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) - Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) - Mozilla: Memory safety bugs fixed in Firefox 79 and...
Debian DLA-2248-1 : intel-microcode security update
The following CVEs were reported against src:intel-microcode. CVE-2020-0543 A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute...
Fedora 31 : community-mysql (2020-261c9ddd7c)
MySQL 8.0.20 Release notes : https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed : CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853...
Fedora 30 : php (2019-437d94e271)
PHP version 7.3.13 (18 Dec 2019) Bcmath: - Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046). (cmb) Core: - Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044). (cmb) - Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte...
RHEL 8 : container-tools:1.0 (RHSA-2019:4273)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4273 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: HTTP/2:...
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-2687)
This update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues : Security issues fixed (bsc#1154212) : - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes -...
EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998)
According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2047)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping a...
Oracle Linux 6 : kernel (ELSA-2019-2736)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2736 advisory. - [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712858] {CVE-2019-11810} - [net] net: Set sk_prot_creator when copying sockets...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0034)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take...
NewStart CGSL MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0009)
The remote NewStart CGSL host, running version MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not display...
CentOS 7 : firefox (CESA-2019:1603)
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)
The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel pani...
FreeBSD : mozilla -- multiple vulnerabilities (18211552-f650-4d86-ba4f-e6d5cbfcdbeb)
Mozilla Foundation reports : CVE-2018-18356: Use-after-free in Skia CVE-2019-5785: Integer overflow in Skia CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
Mozilla Thunderbird < 60.2.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-25 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged...
Atlassian JIRA ProfileLinkUserFormat Information Disclosure Vulnerability
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote...
Mozilla Thunderbird < 52.9 Multiple Vulnerabilities (macOS)
The version of Mozilla Thunderbird installed on the remote OSX host is prior to 52.9. It is, therefore, affected by multiple vulnerabilities.
Oracle Linux 7 : kernel (ELSA-2017-1308)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1308 advisory. - [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308} - [net] packet: fix overflow in check for tp_frame_nr (Hangbin L...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0770-1)
This update for the Linux Kernel 3.12.60-5257 fixes one issue. The following security bug was fixed : - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted...
ISC BIND 9.10.x < 9.10.3-P4 DoS
RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
F5 Networks BIG-IP : Path MTU discovery vulnerability (K15792)
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ('Fragmentation Needed and Don't Fragment was Set') packets with a low next-hop MTU value, aka the...
SUSE SLED12 / SLES12 Security Update : Security Update for Linux Kernel (SUSE-SU-2015:0658-1)
The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory. - CVE-2015-2150: Xen and the Linux...
CentOS 6 : kernel (CESA-2015:0674)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
CentOS 5 : samba3x (CESA-2015:0249)
Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fro...
Oracle Linux 6 : kernel (ELSA-2014-1843)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1843 advisory. - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefully (mguzik) [114482...
RHEL 5 : kernel (RHSA-2013:0168)
Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
SuSE 10 Security Update : kernel-debug (ZYPP Patch Number 6986)
This SUSE Linux Enterprise 10 SP3 kernel update for x86_64 only fixes a severe regression introduced by the previous bugfix that would make some machines not boot due to iommu / AGP memory issues. The update also fixes several other bugs and the following security issue : - drivers/net/r8169.c in...
SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4133)
PHP5 was updated to fix several security issues.
RHEL 6 : thunderbird (RHSA-2011:0311)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2011:0311 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicio...
Ubuntu 8.04 LTS : linux regression (USN-974-2)
USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem. We apologize for the inconvenience. Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when...
GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200804-20 Sun JDK/JRE: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched ...
MariaDB 10.11.0 < 10.11.11
The version of MariaDB installed on the remote host is prior to 10.11.11. It is, therefore, affected by a vulnerability as referenced in the 10.11.11 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior,...
RHEL 7 : openssh (RHSA-2023:4382)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4382 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...
Oracle MySQL Workbench <= 8.0.32 (April 2023)
The version of Oracle MySQL Workbench installed on the remote Windows host is prior to 8.0.32. It is, therefore, affected by a Use After Free vulnerability in the MySQL Workbench product of Oracle MySQL component: Workbench: OpenSSL. Supported versions that are affected are 8.0.32 and prior. Easi...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.3)
The version of AOS installed on the remote host is prior to 5.11.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.3 advisory. - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1082)
The version of AHV installed on the remote host is prior to 20201105.1082. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.1082 advisory. - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A...
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-1730)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd...
EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2022-1385)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9270)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9270 advisory. [4.14.35-2047.511.5.8.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34048826] {CVE-2022-1016} Tenable has extracted the...
RHEL 8 : samba (RHSA-2022:0008)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0008 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2021-2931)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798) -...
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0094)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted...