Fedora 11 : kernel-2.6.29.5-191.fc11 (2009-6768)
Update to kernel 2.6.29.5: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.5 Includes DRM modesetting bug fixes. Adds driver for VIA SD/MMC controllers and full support for the Nano processor in 64-bit mode. Note that Tenable Network Security has extracted the preceding description...
FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)
Gentoo security team summarizes : The following issues were reported in CUPS : - iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the 'imagetops' filter, leading to a heap-based buffer overflow (CVE-2009-0163). - Aaron Siegel of Apple Product Security reported that the CUP...
Debian DSA-1707-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS...
CentOS 4 / 5 : thunderbird (CESA-2008:0908)
Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws...
Slackware 10.2 / 11.0 / 12.0 / 12.1 : mozilla-firefox (SSA:2008-198-01)
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and 12.1 to fix security issues. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2008-198-01. The text itself is...
WS-Management Server Detection
The remote web server supports the Web Services for Management (WS-Management) specification, a general web services protocol based on SOAP for managing systems, applications, and other such entities.
Solaris 5.9 (x86) : 120190-19
StarSuite 8 Solarisx86: Update 14. Date this patch was last updated by Sun : Sep/11/09. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17.
JQuery < 3.5.0 XSS
In JQuery version greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of JQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Initial CVE-2020-23064 mentioned in the...
KB5025288: Windows 8.1 Embedded and Windows Server 2012 R2 Security Update (April 2023)
The remote Windows host is missing security update 5025288. It is, therefore, affected by multiple vulnerabilities : - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275) - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability...
PHP 8.0.x < 8.0.25 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.0.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.25 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1475)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring replication...
SUSE SLES12: libdcerpc-binding0 / libdcerpc-binding0-32bit / libdcerpc0 / etc (SUSE-SU-2022:0252-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0252-1 advisory. - CVE-2021-44142: Fixed out-of-bounds read/write in the Samba vfs_fruit module. bsc1194859 Tenable has extracted the preceding description block directly fro...
CentOS 7 : httpd (RHSA-2021:3856)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3856 advisory. - A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server...
EulerOS 2.0 SP5 : glibc (EulerOS-SA-2021-2660)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called...
Oracle Linux 6 : openssl (ELSA-2021-9150) (deprecated)
This plugin has been deprecated, please use oraclelinuxELSA-2021-9137.nasl instead. The descriptive text and package checks in this plugin were extracted from Oracle Linux Security Advisory ELSA-2021-9150. Disabled on 2021/04/28. Use...
Fedora 33 : mingw-glib2 (2021-7c71cda8da)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-7c71cda8da advisory. - An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a...
RHEL 7 : python (RHSA-2021:0761)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0761 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Oracle Linux 8 : nodejs:10 (ELSA-2021-0548)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0548 advisory. nodejs 1:10.23.1-1 - January Security release - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - Rebase to 10.23.1 - Resolves...
Oracle Linux 8 : nodejs:10 (ELSA-2020-2848)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2848 advisory. - Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) Multiple Vulnerabilities (000253095)
The Trend Micro InterScan Web Security Virtual Appliance is affected by multiple vulnerabilities : - A path traversal vulnerability exists in the Apache Solr application due to improper validation of a user-supplied path prior to using it in file operations when parsing the file parameter in an...
Amazon Linux AMI : kernel (ALAS-2020-1382)
The version of kernel installed on the remote host is prior to 4.14.177-107.254. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1382 advisory. A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw...
Apple iCloud 10.x < 10.9.2 Multiple Vulnerabilities
According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.9.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary code execution vulnerability exists within WebKit due to multiple memory corruption issues. An unauthenticated,...
openSUSE Security Update : MozillaFirefox (openSUSE-2020-621)
This update for MozillaFirefox fixes the following issues : Update to version 68.8.0 ESR bsc1171186 : - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process...
Oracle Linux 8 : firefox (ELSA-2020-1406)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1406 advisory. - Added fix for mozbz1348168/CVE-2017-5428 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0202)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0202 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
OpenSSL 1.0.2 < 1.0.2u Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2u. It is, therefore, affected by a vulnerability as referenced in the 1.0.2u advisory. - There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...
EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2106)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1972)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500...
RHEL 7 : Virtualization Manager (RHSA-2019:1206) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
An update for rhvm-setup-plugins is now available for Red Hat Virtualization 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
KB4499179: Windows 10 Version 1709 and Windows Server Version 1709 May 2019 Security Update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
The remote Windows host is missing security update 4499179. It is, therefore, affected by multiple vulnerabilities : - A new subclass of speculative execution side channel vulnerabilities, known as Microarchitectural Data Sampling, exists in Windows. An attacker who successfully exploited these...
RHEL 7 : java-1.7.0-openjdk (RHSA-2019:0791)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0791 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...
RHEL 6 : java-1.7.0-openjdk (RHSA-2019:0462)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0462 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fixes:...
Oracle Linux 7 : kernel (ELSA-2018-3083)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3083 advisory. - fs exec: Limit arg stack to at most 75% of _STK_LIM Yauheni Kaliuta 1625991 CVE-2018-14634 - fs exec: account for argv/envp pointers Yauheni Kaliuta...
openSUSE Security Update : tiff (openSUSE-2018-1242)
This update for tiff fixes the following issues : Security issue fixed : - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff. bsc1092480 - CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a...
SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2018-5683: The vga_draw_text function...
Oracle Java SE Multiple Vulnerabilities (January 2018 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Deployment - Hotspot - I18n -...
PHP 7.0.x < 7.0.25 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.25. It is, therefore, affected by multiple vulnerabilities.
Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)
The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1154)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0126) (Stack Clash)
The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0126 for details. The package checks in this plugin were extracted from OracleVM Security Advisory...
RHEL 5 : nss (RHSA-2017:1103)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1103 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)
This update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed bsc1019334 - CVE-2016-8610: A remote denial of...
Cisco Identity Services Engine (ISE) Unsupported Version Detection
According to its self-reported version number, the installation of Cisco Identity Services Engine ISE on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...
RHEL 6 : kernel (RHSA-2017:0293)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 6 / 7 : ntp (RHSA-2017:0252)
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Oracle Linux 7 : qemu-kvm (ELSA-2016-2585)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2585 advisory. - Resolves: bz1359729 CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS rhel-7.3 - Resolves: bz1340929...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0095)
The remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393864 CVE-2016-4470 The package checks in this plugin were extracted from OracleVM...
Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated,...
openSUSE Security Update : openssl (openSUSE-2016-292) (DROWN)
This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...