F5 Networks BIG-IP : Linux kernel vulnerability (SOL16122)

arch/x86/kernel/entry64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment SS segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. C Tenabl...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-511) (Bar Mitzvah) (Logjam)

OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this...

CentOS 6 : java-1.8.0-openjdk (CESA-2015:0069) (POODLE)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

OracleVM 2.2 : openssl (OVMSA-2014-0007)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...

CentOS 7 : kernel (CESA-2014:1724)

Updated kernel packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Fedora 20 : kernel-3.16.6-203.fc20 (2014-13773)

More KVM CVE fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256)

BM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs. More information can be found at: http://www.ibm.com/developerworks/java/jdk/alerts/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Solaris 10 (x86) : 150401-59 (deprecated)

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this...

Oracle Linux 6 : kernel (ELSA-2011-1350)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1350 advisory. - Revert: net ipv6: make fragment identifications less predictable Jiri Pirko 723432 723433 CVE-2011-2699 - x86 perf, x86: Fix Intel fixed counters bas...

Oracle Linux 3 : seamonkey (ELSA-2009-1432)

From Red Hat Security Advisory 2009:1432 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser,...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (BEAST)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI Remote Method Invocation registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry...

Firefox 10.0.x < 10.0.5 Multiple Vulnerabilities

The installed version of Firefox 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. CVE-2012-0441 - Multiple memory corruption errors exist. CVE-2012-1937, CVE-2012-1939 - T...

MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

The installed version of the Microsoft Report Viewer control fails to properly validate parameters within a data source, which results in a reflected or non-persistent cross-site scripting vulnerability. If an attacker can trick a user into clicking on a link to a malicious server, he could injec...

RHEL 4 : seamonkey (RHSA-2011:0888)

Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

SuSE 10 Security Update : libpoppler (ZYPP Patch Number 7192)

Specially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code. CVE-2010-3702 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SeaMonkey < 2.0.6 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - An error in DOM attribute cloning...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)

J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated homes share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. CVE-2009-2813 Tim Prouty discovered that the smbd daemon in Samba...

Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)

Multiple vulnerabilities has been found and corrected in mysql : MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon...

Mac OS X Multiple Vulnerabilities (Security Update 2005-005)

Binary data 2878.prm...

KB5040434: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2024)

The remote Windows host is missing security update 5040434. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any othe...

Node.js 18.x < 18.20.4 / 20.x < 20.15.1 / 22.x < 22.4.1 Multiple Vulnerabilities (Monday, July 8, 2024 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.4, 20.15.1, 22.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Monday, July 8, 2024 Security Releases advisory. - The CVE-2024-27980 was identified as an incomplete fix for the BatBadBut...

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2022-002)

The version of java-11-openjdk installed on the remote host is prior to 11.0.16.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2022-002 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java S...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9694)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9694 advisory. 4.1.12-124.65.1.1 - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34460939 CVE-2022-2588 Tenable has extracted...

Oracle Linux 9 : java-17-openjdk (ELSA-2022-5736)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5736 advisory. 1:17.0.4.0.8-0.2.ea - Revert the following changes until copy-java-configs has adapted to relative symlinks: - Move cacerts replacement to install...

NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Vulnerability (NS-SA-2022-0042)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by a vulnerability: - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an...

IBM Java 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20 Multiple Vulnerabilities (Jul 17, 2018)

The version of IBM Java installed on the remote host is prior to 6.0 6.0.16.70 / 6.1 6.1.8.70 / 7.0 7.0.10.30 / 7.1 7.1.4.30 / 8.0 8.0.5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 17 2018 CPU advisory. - Vulnerability in the Java SE, Java SE Embedd...

RHEL 8 : openssl (RHSA-2022:1091)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1091 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2022-1181)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field...

CentOS 8 : grafana (CESA-2021:4226)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4226 advisory. - grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call CVE-2021-27358 - golang: crypto/elliptic:...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2569)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...

Debian DLA-2711-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2711 advisory. Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. CVE-2021-30547 Description For Debian 9 stretch,...

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:2354-1)

"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2354-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...

NewStart CGSL MAIN 4.06 : bind Multiple Vulnerabilities (NS-SA-2021-0003)

The remote NewStart CGSL host, running version MAIN 4.06, has bind packages installed that are affected by multiple vulnerabilities: - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses th...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1028)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the...

RHEL 8 : mariadb:10.3 (RHSA-2020:5665)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5665 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded ...

SUSE SLES12 Security Update : xen (SUSE-SU-2020:1630-1)

This update for xen fixes the following issues : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling SRBDS or 'CrossTalk'...

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2020:1225-1)

This update for MozillaThunderbird fixes the following issues : Update to 68.8.0 ESR MFSA 2020-18 bsc1171186 - CVE-2020-12397 bmo1617370 Sender Email Address Spoofing using encoded Unicode characters - CVE-2020-12387 bmo1545345 Use-after-free during worker shutdown - CVE-2020-6831 bmo1632241 Buff...

Debian DSA-4641-1 : webkit2gtk - security update

The following vulnerability has been discovered in the webkit2gtk web engine : - CVE-2020-10018 Sudhakar Verma, Ashfaq Ansari and Siddhant Badhe discovered that processing maliciously crafted web content may lead to arbitrary code execution. C Tenable Network Security, Inc. The descriptive text a...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4163-1 advisory. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An...

Fedora 31 : 1:openssl (2019-9ab7ee6309)

Minor update release 1.1.1d with low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...

LibreOffice < 6.2.7 / 6.3.x < 6.3.1 Directory Traversal (macOS)

The version of LibreOffice installed on the remote macOS host is prior to 6.2.7 or 6.3.x prior to 6.3.1. It is, therefore, affected by a directory traversal vulnerability. This is due to a feature in LibreOffice which allows documents to specify pre-installed macros that can be executed on variou...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)

The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such...

EulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

SUSE SLES12 Security Update : qemu (SUSE-SU-2018:1362-2) (Spectre)

This update for qemu fixes several issues. This security issue was fixed : CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior...

Apache Tomcat 9.0.0.M1 < 9.0.12 Open Redirect Weakness

The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.12. It is, therefore, affected by a open redirect vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid118037;...

KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update

The remote Windows host is missing security update 4338823 or cumulative update 4338818. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. CVE-2018-8202 - A...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3678-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3678-1 advisory. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker...

Debian DSA-4196-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM...

RHEL 6 : kernel (RHSA-2018:1351)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1351 advisory. - Kernel: error in exception handling leads to DoS CVE-2018-8897 Note that Nessus has not tested for this issue but has instead relied only on the...

Slackware 14.2 / current : openssl (SSA:2017-306-02)

New openssl packages are available for Slackware 14.2 and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-306-02. The text itself is copyright C...