NewStart CGSL CORE 5.05 / MAIN 5.05 : python3 Multiple Vulnerabilities (NS-SA-2021-0147)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python3 packages installed that are affected by multiple vulnerabilities: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occur...
Mozilla Firefox < 92.0
The version of Firefox installed on the remote Windows host is prior to 92.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-38 advisory. - Mozilla developers Christian Holler and Lars T Hansen reported memory safety bugs present in Firefox 91. Some of these...
SUSE SLED15: qemu / qemu-arm / qemu-audio-alsa / qemu-audio-pa / qemu-block-curl / etc (SUSE-SU-2021:2789-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2789-1 advisory. Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc bsc1189145, CVE-2021-3682 - NULL pointer dereference in E...
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3279-1)
This update for ucode-intel fixes the following issues : Intel CPU Microcode updated to 20201027 prerelease CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX bsc1170446 CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 bsc1173594 New Platforms: | Processor | Stepping | F-M-S/P...
MariaDB 10.5.0 < 10.5.7 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.5.7 advisory. - With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user...
Mozilla Firefox < 82.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 82.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-45 advisory. - Mozilla developers Christian Holler, Sebastian Hengst, Bogdan Tara, and Tyson Smith reported memory safety bu...
RHEL 6 : kernel-rt (RHSA-2020:3266)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3266 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...
Solaris 10 (x86) : 119784-45
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
RHEL 8 : firefox (RHSA-2020:2382)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2382 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Oracle Linux 7 : thunderbird (ELSA-2019-4148)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4148 advisory. 68.3.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.3.0-1 - Update to 68.3.0 build2 68.2.0-2 - Adde...
EulerOS 2.0 SP5 : bind (EulerOS-SA-2019-2128)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 'managed-keys' is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for us...
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2208)
This update for webkit2gtk3 fixes the following issues : Security issues fixed : - CVE-2019-8673, CVE-2019-8678, CVE-2019-8686, CVE-2019-8683, CVE-2019-8671, CVE-2019-8595, CVE-2019-8684, CVE-2019-8681, CVE-2019-8615, CVE-2019-8689, CVE-2019-8680, CVE-2019-8672, CVE-2019-8676, CVE-2019-8666,...
RHEL 7 : libjpeg-turbo (RHSA-2019:2052)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2052 advisory. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessi...
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1639)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. Whil...
Amazon Linux 2 : kernel (ALAS-2019-1214)
A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create...
RHEL 7 : kernel (RHSA-2019:1171)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1171 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw was found in the implementation...
RHEL 7 : java-1.8.0-openjdk (RHSA-2019:0775)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0775 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
Photon OS 1.0: Linux PHSA-2016-0012
An update of the linux package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2016-0012. The text itself is copyright (C) VMware, Inc.
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4510)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4510 advisory. - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c Hui Peng Orabug: 29042981 CVE-2018-19824 - ALSA: usb-audio: Replace...
Oracle Linux 7 : xorg-x11-server (ELSA-2018-3410)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3410 advisory. - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges Tenable has extracted the preceding description block directly from the...
RHEL 7 : qemu-kvm (RHSA-2018:1663) (Spectre)
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
openSUSE Security Update : ucode-intel (openSUSE-2018-24) (Spectre)
This update for ucode-intel fixes the following issues : Update to Intel CPU Microcode version 20180108 boo1075262 - The pre-released microcode fixing some important security issues is now officially published and included in the added tarball. New firmware updates since last version 20170707 are...
KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update
The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...
Fedora 25 : 2:qemu (2017-f941184db1)
CVE-2017-7718: cirrus: OOB read access issue bz 1443443 - CVE-2016-9603: cirrus: heap buffer overflow via vnc connection bz 1432040 - CVE-2017-7377: 9pfs: fix file descriptor leak bz 1437872 - CVE-2017-7980: cirrus: OOB r/w access issues in bitblt bz 1444372 - CVE-2017-8112: vmw_pvscsi: infinite...
Fedora 26 : kernel (2017-deb70b495e)
The 4.11.11 update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introduci...
Cisco Security Manager Java Object Deserialization RCE (CSCux34671)
The version of Cisco Security Manager running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sendi...
IBM MQ Unsupported Version Detection (credentialed check)
According to its self-reported version number, the installation of IBM MQ (formerly IBM WebSphere MQ) on the remote Windows host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
VMware vCenter Server Appliance BlazeDS AMF3 RCE (VMSA-2017-0007)
The version of VMware vCenter Server Appliance installed on the remote host is 6.0 prior to Update 3b or 6.5 prior to Update c. It is, therefore, affected by a flaw in Flex BlazeDS when processing AMF3 messages due to allowing the instantiation of arbitrary classes when deserializing objects. An...
Cisco Identity Services Engine (ISE) Unsupported Version Detection
According to its self-reported version number, the installation of Cisco Identity Services Engine (ISE) on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)
This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of service in...
SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3111-1)
This update for the Linux Kernel 3.12.51-5231 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges bsc1012759. - CVE-2016-9555: The sctpsfootb...
RHEL 7 : kernel (RHSA-2016:1657)
An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Debian DSA-3611-1 : libcommons-fileupload-java - security update
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending fil...
RHEL 7 : kernel (RHSA-2015:2152)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2152 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file...
Ubuntu 15.04 : linux vulnerabilities (USN-2638-1)
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-0275) Wen Xu discovered a use-after-free flaw in the...
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2512-1)
A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge...
RHEL 6 : java-1.7.0-ibm (RHSA-2014:1882)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1882 advisory. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several...
RHEL 6 : kernel-rt (RHSA-2012:1150)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1150 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)
Mozilla Thunderbird was updated to the 3.1.10 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211)
A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the...
Oracle Linux 4 : seamonkey (ELSA-2009-1431)
From Red Hat Security Advisory 2009:1431 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser,...
Oracle Linux 6 : tomcat6 (ELSA-2011-0335)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0335 advisory. - Resolves: CVE-2011-0534 rhbz674601 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 4 : kernel (ELSA-2007-0488)
From Red Hat Security Advisory 2007:0488 : Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kerne...
Scientific Linux Security Update : samba and cifs-utils on SL6.x i386/x86_64
Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares. A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web...
GLSA-201205-03 : Chromium, V8: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201205-03 Chromium, V8: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent...
SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)
This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. CVE-2009-0217 - XPM Import Integer Overflow. CVE-2009-2949 - GIF Import Heap Overflow. CVE-2009-2950 - MS Word sprmTDefTable Memory Corruption. CVE-2009-3301 - MS Word sprmTDefTable Memory...
RHEL 4 : firefox (RHSA-2010:0500)
An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common...
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0155)
Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security...
CentOS 5 : mysql (CESA-2010:0109)
Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL serve...
Fedora 11 : kernel-2.6.29.6-217.2.3.fc11 (2009-8144)
Fix security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 Add -fno-delete-null-pointer-checks gcc compile flag to protect against issues similar to CVE-2009-1897. Fix virtio_blk driver bug reported against Fedora 10. iwl3945 wireless driver rfkill fixes. Fix DPMS on some nVidia adapters when...