lighttpd mod_fastcgi HTTP Request Header Remote Overflow

The remote web server appears to be lighttpd running with the FastCGI module modfastcgi. The version of the FastCGI module on the remote host is affected by a buffer overflow vulnerability. A remote attacker can exploit this, by sending a specially crafted request with a long header, to add or...

Apache Banner Linux Distribution Disclosure

Nessus was able to extract the banner of the Apache web server and determine which Linux distribution the remote host is running. %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid18261; scriptversion"1.102";...

Security Updates for Azure Pipelines Agent (November 2023)

The Microsoft Azure Pipelines Agent running on the remote host is prior to 2.217.2. It is, therefore affected by a remote code execution vulnerability due to an integer overflow in the embedded mingit component. Note that Nessus has not tested for this issue but has instead relied only on the...

OpenSSL 1.1.1 < 1.1.1x Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1x. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1x advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service...

Splunk Enterprise < 9.0 Multiple Vulnerabilities

The version of Splunk installed on the remote host is prior to 9.0. It is, therefore, affected by multiple vulnerabilities. - The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by...

AlmaLinux 8 : python3 (ALSA-2022:1986)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1986 advisory. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP...

Oracle MySQL Workbench < 8.0.29 (Jan 2022)

The version of Oracle MySQL Workbench installed on the remote Windows host is prior to 8.0.29. It is, therefore, affected by a vulnerability in the MySQL Workbench product of Oracle MySQL component: Workbench: libssh. Supported versions that are affected are 8.0.28 and prior. Easily exploitable...

RHEL 8 : httpd:2.4 (RHSA-2022:1080)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1080 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Errors encountered during...

Oracle Linux 8 : httpd:2.4 (ELSA-2022-1049)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1049 advisory. httpd 2.4.37-43.0.2.3 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-43.3 -...

AlmaLinux 8 : kernel (ALSA-2021:5227)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5227 advisory. - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user...

Oracle Linux 8 : nodejs:14 (ELSA-2022-0350)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0350 advisory. nodejs 1:14.18.2-2 - Add missing fixes - Resolves: RHBZ2027642, RHBZ2027635 1:14.18.2-1 - Resolves: RHBZ2027609 - Resolves: RHBZ2027649, RHBZ2027646,...

Oracle Linux 7 : openssl (ELSA-2022-9023)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9023 advisory. - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linu...

Photon OS 2.0: C PHSA-2021-2.0-0378

An update of the c package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0378. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc';...

CodeMeter Runtime Buffer Over-read (WIBU-210423-01)

Binary data codemetercve-2021-20093.nbin...

SUSE SLED15: postgresql10 / postgresql10-contrib / postgresql10-devel / etc (SUSE-SU-2021:1970-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1970-1 advisory. - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028:...

Debian DLA-2623-1 : qemu security update

Several security vulnerabilities have been discovered in QEMU, a fast processor emulator. CVE-2021-20257 net: e1000: infinite loop while processing transmit descriptors CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU...

Fedora 33 : python-django (2021-1bb399a5af)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-1bb399a5af advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...

CentOS 8 : thunderbird (CESA-2019:1308)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1308 advisory. - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2018-18511 - Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 -...

openSUSE Security Update : openssl-1_1 (openSUSE-2020-2223)

This update for openssl-11 fixes the following issues : - CVE-2020-1971: Fixed a NULL pointer dereference in EDIPARTYNAME bsc1179491. This update was imported from the SUSE:SLE-15-SP2:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

Mozilla Thunderbird < 78.5

The version of Thunderbird installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-52 advisory. - Mozilla developers Steve Fink, Jason Kratzer, Randell Jesup, Christian Holler, and Byron Campen reported memory...

Fedora 33 : 1:java-1.8.0-openjdk (2020-5708dd5b87)

New in release OpenJDK 8u272 2020-10-20: =========================================== Full versions of these release notes can be found at : - https://bitly.com/openjdk8u272 - https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt New features - JDK-8245468: Add TLSv1.3...

Fedora 31 : kernel (2020-5436586091)

The 5.6.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.6.14 stable kernel update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

Fedora 30 : git (2020-4e093619bb)

Security fix for CVE-2020-5260 and CVE-2020-11008 CVE-2020-5260 - From the upstream release notes : With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200407)

Security Fixes : - Mozilla: Use-after-free while running the nsDocShell destructor CVE-2020-6819 - Mozilla: Use-after-free when handling a ReadableStream CVE-2020-6820 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid135278;...

Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4257-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4257-1 advisory. It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use th...

Debian DSA-4571-1 : thunderbird - security update

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we're now following the 68.x...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4820 advisory. - xfrm: policy: Fix out-of-bound array accesses in xfrmpolicyunlink YueHaibing Orabug: 30322228 CVE-2019-15666 - floppy: fix out-of-bounds read in...

EulerOS Virtualization for ARM 64 3.0.2.0 : python-requests (EulerOS-SA-2019-1947)

According to the version of the python-requests package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 30...

Security Updates for Microsoft SQL Server (Uncredentialed Check) (July 2019)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who...

openSUSE Security Update : compat-openssl098 (openSUSE-2019-1637)

This update for compat-openssl098 fixes the following issues : - CVE-2019-1559: Fix 0-byte record padding oracle via SSLshutdown bsc1127080 - Reject invalid EC point coordinates bsc1131291 - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' bsc1117951 This update w...

Photon OS 1.0: Linux PHSA-2018-1.0-0097

An update of the linux package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0097. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121797...

Photon OS 1.0: Openssl PHSA-2018-1.0-0175

An update of the openssl package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0175. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Splunk Information Disclosure Vulnerability (SP-CAAAP5E)

The Splunk installation running on the remote web server is affected by an information disclosure vulnerability at a Splunk REST endpoint. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose potentially sensitive information C Tenable Network Securit...

Fedora 28 : community-mysql (2018-f67fda3db6)

MySQL 5.7.23 Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Note that...

Oracle Linux 6 : firefox (ELSA-2018-3831)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2018-3831 advisory. 60.4.0-1.0.1 - fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.4.0-1 - Update to 60.4.0 ESR 60.3.0-...

openSUSE Security Update : texlive (openSUSE-2018-1099)

This update for texlive fixes the following issue : - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex bsc1109673 %NASLMINLEVEL 70300 C Tenable...

KB4103716: Windows 10 May 2018 Security Update

The remote Windows host is missing security update 4103716. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...

EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1028)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaw...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20180104) (Spectre)

Security Fixes : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0046)

The remote OracleVM system is missing necessary patches to address critical security updates : - dccp: fix freeing skb too early for IPV6RECVPKTINFO Andrey Konovalov Orabug: 25598277 CVE-2017-6074 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracte...

OpenSSH 7.x < 7.4 Multiple Vulnerabilities

Binary data 9855.prm...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3047-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3047-1 advisory. Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this...

AIX 7.2 TL 0 : nettcp (IV86132) (SLOTH)

https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...

Debian DSA-3515-1 : graphite2 - security update

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Debian DLA-346-1 : openjdk-6 security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. These vulnerabilities relate to execution of arbitrary code, breakouts of the Java sandbox, information disclosure and denial of service. For Debian 6 'Squeeze', these problems have been fixed ...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150311)

It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate...

openSUSE Security Update : libserf (openSUSE-SU-2014:1395-1) (POODLE)

libserf was updated to disable SSLv2 and SSLv3. libserf was updated to version 1.3.8 on openSUSE 13.1 and 13.2. This release also fixes a problem with handling very large gzip-encoded HTTP responses. For openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and SSLv3. %NASLMINLEVEL 70300 C...

RHEL 5 : php (RHSA-2014:0312)

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 and 5.6 Long Life, and Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability...

RHEL 6 : kernel (RHSA-2014:0419)

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:1620)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1620 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple...