openSUSE Security Update : gcc9 (openSUSE-2020-716)
This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team at: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. ...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200421)
Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...
CentOS 7 : qemu-kvm (RHSA-2020:1116)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1116 advisory. - tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based...
openSUSE Security Update : python3 (openSUSE-2019-1282)
This update for python3 fixes the following issues : Security issue fixed : - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization bsc1129346. This update was imported from the SUSE:SLE-15:Update update project.
RHEL 7 : thunderbird (RHSA-2019:0160)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0160 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fixes: Mozilla:...
Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2018-325-01)
New openssl packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-325-01. The text itself is copyright (C) Slackware Linux, Inc...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1223-1)
This update for the Linux Kernel 4.4.114-9267 fixes one issue. The following security issue was fixed : - CVE-2018-1000199: A bug in x86 debug register handling of ptrace could lead to memory corruption, possibly a denial of service or privilege escalation bsc1090036. Note that Tenable Network...
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0061-1)
This update for java-1_7_0-ibm fixes the following issues : - Security update to version 7.0.10.15 bsc1070162 : - CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1245)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service...
CentOS 7 : httpd (CESA-2017:2479)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Amazon Linux AMI : glibc (ALAS-2017-844) (Stack Clash)
Glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...
Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 Multiple Privilege Escalation (3194721)
MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities
Fedora 22 : mingw-libxml2-2.9.3-1.fc22 (2016-a9ee80b01d)
Update to 2.9.3 which fixes various CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20160121) (SLOTH)
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...
CentOS 6 / 7 : openssl (CESA-2015:2617)
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0470-1)
The SUSE Linux Enterprise 10 Service Pack 3 LTSS Xen hypervisor and toolset have been updated to fix various security issues : The following security issues have been addressed : XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cau...
Debian DSA-3169-1 : eglibc - security update
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library : - CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating...
Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2014-1636)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1636 advisory. 1:1.8.0.25-1.b17 - Update to October CPU patch update. - Resolves: RHBZ1148896 1:1.8.0.20-3.b26 - fixed headless policytool moved to normal -...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3082)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3082 advisory. - ALSA: control: Don't access controls outside of protected regions Lars-Peter Clausen Orabug: 19817786 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 -...
Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10629)
According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - An error exists in the ssl3_read_bytes function that permits data to be injected into other sessions or allows denial of service attacks. Note that this...
Firefox ESR < 17.0.10 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR is earlier than 17.0.10 and is, therefore, potentially affected by the following vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosu...
Oracle Linux 5 : postgresql (ELSA-2009-1484)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1484 advisory. 8.1.18-2.el54.1 - Remove unnecessary .o file that confuses TPS tests Related: 525284 8.1.18-1.el54.1 - Update to PostgreSQL 8.1.18 to fix CVE-2009-0922...
CentOS 5 : java-1.7.0-openjdk (CESA-2013:0603)
Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. CVE-2010-4476 A flaw was found in the Tomcat NIO Non-Blocking I/O connector. A remote attacker could...
Fedora 14 : maniadrive-1.2-27.fc14 / php-5.3.6-1.fc14 / php-eaccelerator-0.9.6.1-6.fc14 (2011-3636)
Security Enhancements and Fixes in PHP 5.3.6 : - Fixed bug 54247 format-string vulnerability on Phar. CVE-2011-1153 - Fixed bug 54193 Integer overflow in shmop_read. CVE-2011-1092 - Fixed bug 54055 buffer overrun with high values for precision ini setting. - Fixed bug 54002 crash on crafted tag in...
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6884)
This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption...
CentOS 4 : thunderbird (CESA-2010:0544)
An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...
openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1)
This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. Following security issues are fixed: MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can...
Debian DSA-1931-1 : nspr - several vulnerabilities
Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1563 A programming error in the string handling code may lead t...
SuSE9 Security Update : Tomcat (YOU Patch Number 12460)
This update of tomcat fixes several vulnerabilities : - RequestDispatcher usage can lead to information leakage. CVE-2008-5515 - denial of service via AJP connection. CVE-2009-0033 - some authentication classes allow user enumeration. CVE-2009-0580 - XSS bug in example application cal2.jsp...
SuSE 11 Security Update : ruby (SAT Patch Number 1073)
This ruby update improves return value checks for openssl function OCSP_basic_verify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...
openSUSE 10 Security Update : kdegraphics3-pdf (kdegraphics3-pdf-4681)
A buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code CVE-2007-5393. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
PHP 8.1.x < 8.1.20
The version of PHP installed on the remote host is prior to 8.1.20. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.20 advisory. - In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value...
Security Updates for Sysinternals Sysmon (December 2022)
The Sysinternals Sysmon installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-44704
SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2268-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2268-1 advisory. - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalati...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9480)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9480 advisory. - perf: Fix sys_perf_event_open race against self Peter Zijlstra Orabug: 34211086 CVE-2022-1729 - debug: Lock down kgdb Stephen Brennan Orabug: 342110...
RHEL 8 : openssl (RHSA-2022:1065)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1065 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
RHEL 8 : cyrus-sasl (RHSA-2022:0658)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0658 advisory. The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer SASL. SASL is a method for adding authentication...
EulerOS Virtualization 3.0.2.0 : vim (EulerOS-SA-2021-2845)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3984 - vim is vulnerable to Use After Free...
Debian DLA-2647-1 : bind9 security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214 Greg Kuechle discovered that a malformed incoming IXFR transfer could trigger an assertion failure in named, resulting in denial of service. CVE-2021-25215 Siva Kakarla discovered that named could crash...
Ubuntu 18.04 LTS / 20.04 LTS : Django vulnerability (USN-4742-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4742-1 advisory. It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web...
Fedora 32 : python39 (2021-e3a5a74610)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-e3a5a74610 advisory. - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python...
MySQL 8.0.x < 8.0.23 Multiple Vulnerabilities (Jan 2021 CPU)
The version of MySQL running on the remote host is 8.0.x prior to 8.0.23. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the January 2021 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL component: Server:...
SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2020:3732-1)
This update for openssl-1_0_0 fixes the following issues : CVE-2020-1971: Fixed a NULL pointer dereference in EDIPARTYNAME bsc1179491. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...
KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update
The Microsoft 4586830 Product is missing security updates. - Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 - DirectX Elevation of Privilege Vulnerability CVE-2020-16998 - Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 - Remote Deskto...
Debian DLA-2333-1 : imagemagick security update
Several security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image...
EulerOS 2.0 SP2 : bind (EulerOS-SA-2020-1676)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can,...
CentOS 6 : java-1.7.0-openjdk (RHSA-2020:1508)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
EulerOS 2.0 SP8 : python2 (EulerOS-SA-2019-2114)
According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This...