IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.80 / 7.1 7.1.4.80 / 8.0 8.0.6.25. It is, therefore, affected by a vulnerability as referenced in the Oracle January 19 2021 CPU advisory. - Vulnerability in the Java SE product of Oracle Java SE component: Libraries...

RHEL 7 : rh-mariadb103-mariadb (RHSA-2022:1010)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1010 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...

Oracle Linux 8 : gnutls (ELSA-2022-9221)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9221 advisory. 3.6.16-4.0.1fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug...

FreeBSD : polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync (36a35d83-c560-11eb-84ab-e0d55e2a8bf9)

Cedric Buissart reports : The function polkitsystembusnamegetcredssync is used to get the uid and pid of the process requesting the action. It does this by sending the unique bus name of the requesting process, which is typically something like ':1.96', to dbus-daemon. These unique names are...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0012)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have...

RHEL 8 : grub2 (RHSA-2021:0696)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0696 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

Debian DLA-2563-1 : openssl security update

It was discovered that there were two issues in the openssl cryptographic system : - CVE-2021-23840: Prevent an issue where 'Digital EnVeloPe' EVP-related calls could cause applications to behave incorrectly or even crash. - CVE-2021-23841: Prevent an issue in the X509 certificate parsing caused ...

Amazon Linux AMI : expat (ALAS-2021-1459)

The version of expat installed on the remote host is prior to 2.1.0-12.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1459 advisory. It was discovered that the setElementTypePrefix function incorrectly extracted XML namespace prefixes. By tricking an...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1009)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the...

RHEL 7 : kernel (RHSA-2020:5430)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5430 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: out of bounds write in functio...

Oracle Linux 7 : freeradius (ELSA-2020-3984)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3984 advisory. 3.0.13-15 - Fixes EAP-PWD: DoS issues due to multithreaded BNCTX access Resolves: bz1818808 3.0.13-14 - Fixes receiving of multiple RADIUS packets unde...

Oracle Linux 7 : java-11-openjdk (ELSA-2020-2969)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2969 advisory. 1:11.0.8.10-0.0.1 - link atomic for ix86 build 1:11.0.8.10-0 - Update to shenandoah-jdk-11.0.8+10 GA - Switch to GA mode for final release. - Update...

EulerOS 2.0 SP3 : nss-util (EulerOS-SA-2020-1415)

According to the version of the nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory a...

Mozilla Firefox ESR < 68.4

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-02 advisory. - Mozilla developers Jason Kratzer, Christian Holler, and Bob Clary reported memory safety bugs present in...

Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2019-3158)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3158 advisory. 1:1.7.0.241-2.6.20.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.241-2.6.20.0 - Bump to 2.6.20 and OpenJDK 7u241-b01. - Drop PR1834/RH1022017 which is...

RHEL 7 : kernel (RHSA-2019:2866)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2866 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A buffer overflow flaw was found in the way Lin...

openSUSE Security Update : python-urllib3 (openSUSE-2019-2133)

This update for python-urllib3 fixes the following issues : Security issues fixed : - CVE-2019-9740: Fixed CRLF injection issue bsc1129071. - CVE-2019-11324: Fixed invalid CA certificat verification bsc1132900. - CVE-2019-11236: Fixed CRLF injection via request parameter bsc1132663. This update w...

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario...

SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:1296-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : ucode-intel was updated to official QSR 2019.1 microcode release bsc1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV ...

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1236-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS...

EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldapgetattributeber function. A...

Debian DSA-4434-1 : drupal7 - security update

A cross-site scripting vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-006 . C Tenable Network Security, Inc. The descriptive text and package checks in...

EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1236)

According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4xattrinodehash function. An attacker could tric...

Debian DLA-1566-1 : mysql-5.5 security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.62, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :...

openSUSE Security Update : qemu (openSUSE-2018-603) (Spectre)

This update for qemu fixes the following issues : This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of...

CentOS 6 : kernel (CESA-2018:0008) (Meltdown) (Spectre)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1256)

According to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in...

RHEL 6 : MRG (RHSA-2017:2705) (BlueBorne)

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

MS17-017: Security Update for Windows Kernel (4013081)

The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities : - An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3516)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3516 advisory. - vfs: read filehandle only once in handletopath Sasha Levin Orabug: 25388709 CVE-2015-1420 - USB: usbfs: fix potential infoleak in devio Kangjie L...

openSUSE Security Update : qemu (openSUSE-2016-1504)

This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed : - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU aka Quick Emulator allowed attackers to execute arbitrary code on the QEMU host via a large...

MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition...

Microsoft SQL Server 2014 SP1 12.0.4100.0 through 12.0.4231.0 Privilege Escalation (3194720)

Binary data 9812.prm...

RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:2088)

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which give...

Debian DLA-529-1 : tomcat7 security update

A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer 4096 bytes used to read the uploaded file. This caused the file upload process to take several orders of magnitude longer than if th...

OracleVM 3.3 / 3.4 : nss-util (OVMSA-2016-0034)

The remote OracleVM system is missing necessary patches to address critical security updates : - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... - Rebuild to ensure use of correct NSPR. - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 %NASLMINLEVEL 70300 C Tenable Network...

AIX Java Advisory : java_jan2016_advisory.asc (January 2016 CPU) (SLOTH)

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following components : - 2D - AWT - IBM J9 JVM - JAXP - JMX - Libraries - Networking - Security %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

AIX 6.1 TL 8 : sendmail (IV75644) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...

RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0264 advisory. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a...

openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)

Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Make bash-4.2-extra-import-func.patch an optional patch due...

Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2014-1634)

The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1634 advisory. 1:1.6.0.33-1.13.5.0 - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. -...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)

update to icedtea-2.3.9 bnc816720 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model -...

RHEL 5 : kvm (RHSA-2012:0676)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0676 advisory. - kernel: kvm: irqchipinkernel and vcpu-arch.apic inconsistency CVE-2012-1601 - kvm: device assignment page leak CVE-2012-2121 Note that...

IBM WebSphere Portal Dojo Module Arbitrary File Download

The version of WebSphere Portal on the remote host is using a vulnerable version of the Dojo toolkit. Input to the 'path' parameter of layerLoader.jsp is not properly validated. A remote, unauthenticated attacker could exploit this to download arbitrary files. This vulnerability exists due to an...

Oracle Java SE 7 <= Update 11 Multiple Vulnerabilities (February 2013 CPU)

Binary data 6685.prm...

FreeBSD : libxml -- Stack consumption vulnerability (5a7d4110-0b7a-11e1-846b-00235409fd3e)

Stack consumption vulnerability allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

Mandriva Linux Security Advisory : php (MDVSA-2011:052)

Multiple vulnerabilities has been identified and fixed in php : The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service applicatio...

openSUSE Security Update : kdelibs3 (kdelibs3-1648)

KDE KDELibs Remote Array Overrun Arbitrary code execution, CVE-2009-0689 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update kdelibs3-1648. The text description of this plugin is C SUSE LLC...

CentOS 4 / 5 : firefox (CESA-2008:0207)

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the...

Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)

This update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...