337866 matches found
Fedora 29 : 2:qemu / libvirt (2019-0332a96d31) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
Define md-clear CPUID bit. Assuming an updated host kernel and microcode, the md-clear bit will be automatically exposed to guests using the QEMU '-cpu host' arg, or libvirt 'host-model' or 'host-passthrough' configurations. Guests using a named CPU model it must be manually updated to add this...
Kibana ESA-2018-18
Nethanel Coppenhagen of CyberArk Labs discovered Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2113-1)
This update for the Linux Kernel 3.12.74-606460 fixes several issues. The following security issue was fixed : - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fr...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1085)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to...
Solaris 10 (sparc) : 123590-12
SunOS 5.10: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1909-1) (Stack Clash)
This update for the Linux Kernel 3.12.67-606418 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over the stack...
Debian DLA-939-1 : qemu-kvm security update
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick EmulatorQemu. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-9603 qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator and the V...
Oracle Linux 5 / 6 / 7 : thunderbird (ELSA-2017-0498)
The remote Oracle Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2017-0498 advisory. 45.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 45.8.0-1 - Update to 45.8.0 Tenable has...
Oracle Linux 7 : kernel (ELSA-2016-1633)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-1633 advisory. - net tcp: enable per-socket rate limiting of all 'challenge acks' Florian Westphal 1355603 1355605 CVE-2016-5696 - net tcp: uninline tcpoowratelimited Florian...
Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-1458)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1458 advisory. 1:1.8.0.101-3.b13 - Replace bad 8159244 patch from upstream 8u with fresh backport from OpenJDK 9. - Resolves: rhbz1350034 1:1.8.0.101-2.b13 - Add...
OracleVM 3.2 : openssl (OVMSA-2016-0071)
The remote OracleVM system is missing necessary patches to address critical security updates : - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 John Haxby orabug 21673934 - Backport openssl 08-Jan-2015 security fixes John Haxby orabug 20409893 - f...
Debian DLA-410-1 : openjdk-6 security update (SLOTH)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography. CVE-2015-7575 A flaw was found in the way TLS 1.2 could use the MD5 hash functio...
Debian DSA-3414-1 : xen - security update
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
MySQL Enterprise Monitor 2.3.x < 2.3.21 / 3.0.x < 3.0.23 Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 2.3.x prior to 2.3.21 or 3.0.x prior to 3.0.23. It is, therefore, potentially affected by multiple vulnerabilities : - An invalid read error exists in the ASN1TYPEcmp function due to...
openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)
openssl was updated to fix six security issues. The following vulnerabilities were fixed : - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. boo931698 - CVE-2015-1788: Malformed ECParameters...
Debian DSA-3284-1 : qemu - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a gues...
VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)
The version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into...
openSUSE Security Update : seamonkey (openSUSE-2011-34)
SeaMonkey was updated to version 2.5 to fix several security issues : - MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS - MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards - MFSA 2011-49/CVE-2011-3650 bmo674776 Memory...
MS KB2868725: Update for Disabling RC4
The remote host is missing KB2868725, an update for disabling the weak RC4 cipher suite. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70854; scriptversion"1.3"; scriptcvsdate"Date: 2018/11/15 20:50:28"; scriptxrefname:"MSKB", value:"2868725"; scriptnameenglish:"MS...
Oracle Linux 5 / 6 : samba (ELSA-2012-0465)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0465 advisory. - Security Release, fixes CVE-2012-1182 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 6 : kernel (ELSA-2012-0481)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0481 advisory. - Revert: fs NFSv4: include bitmap in nfsv4 get acl data Sachin Prabhu 753231 753232 CVE-2011-4131 - kernel regset: Return -EFAULT, not -EIO, on...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6641)
This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed: CVE-2009-3238: The getrandomint function in drivers/char/random.c in the Linux kernel produces insufficiently random numbers, which allows attackers to...
CentOS 4 : seamonkey (CESA-2011:0313)
Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
Mandriva Linux Security Advisory : poppler (MDVSA-2010:230)
Multiple vulnerabilities were discovered and corrected in poppler : The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service crash via unknown vectors that trigger an uninitialized pointer dereference CVE-2010-3702. The FoFiType1::pars...
Fedora 11 : Miro-2.5.2-5.fc11 / blam-1.8.5-15.fc11 / chmsee-1.0.1-12.fc11 / eclipse-3.4.2-17.fc11 / etc (2009-10878)
Update to new upstream Firefox version 3.5.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.htmlfirefox3.5.4 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox /...
CentOS 3 : python (CESA-2009:1178)
Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the...
Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities
The installed version of Firefox 3.0.x is earlier than 3.0.7. Such versions are potentially affected by the following security issues : - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain condition...
Coppermine Photo Gallery < 1.4.19 data Cookie Local File Inclusion
Binary data 4613.prm...
RHEL 2.1 / 3 / 4 / 5 : samba (RHSA-2007:1114)
Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. Samba is a suite of programs used by machines to share files, printers, and other...
Debian DSA-1408-1 : kdegraphics - buffer overflow
Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed. The old stable distribution sarge will be fixed later. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
RHEL 2.1 : kernel (RHSA-2007:0672)
Updated kernel packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 32-bit architectures. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of th...
MyBB Detection
The remote host is running MyBB formerly known as MyBulletinBoard, a web-based bulletin board system written in PHP utilizing MySQL for its back-end storage. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid20841; scriptversion"1.21";...
writesrv Service Detection
This service gives potential attackers information about who is connected and who isn't, easing social engineering attacks for example. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11222; scriptversion "$Revision: 1.12 $"; scriptcvsdate"$Date: 2011/03/11 21:52:41 $"...
Dell EMC NetWorker RCE (DSA-2023-041)
The version of Dell EMC NetWorker installed on the remote Windows host is affected by a remote code execution vulnerability in the NetWorker Client execution service nsrexecd irrespective of any auth used. Note that Nessus has not tested for this issue but has instead relied only on the...
Azul Zulu Java Multiple Vulnerabilities (2023-01-17)
The version of Azul Zulu installed on the remote host is prior to 6 6.53.0.12 / 7 7.59.0.18 / 8 8.67.0.22 / 11 11.61.18 / 13 13.53.18 / 15 15.45.18 / 17 17.39.20 / 19 19.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023-01-17 advisory. - Vulnerability in the...
SUSE SLED12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2022:2719-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2719-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following...
AlmaLinux 8 : kernel-rt (5565) (ALSA-2022:5565)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:5565 advisory. - kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 Note that Nessus has not tested for this issue but has instead relied only on...
Oracle Linux 8 : glibc (ELSA-2022-0896)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0896 advisory. - CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak 2032280 - CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc...
Oracle Linux 8 : kernel (ELSA-2022-0188)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0188 advisory. - vfs: Out-of-bounds write of heap buffer in fscontext.c Frantisek Hrbata 2040585 2040586 CVE-2022-0185 - xfs: map unwritten blocks in XFSIOCALLOC,FREE...
Windows HTTP Protocol Stack CVE-2022-21907 Mitigation (EnableTrailerSupport)
The remote system may be in a vulnerable state to CVE-2022-21907 by having the following registry key set: - HKLM\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute...
openSUSE 15 Security Update : samba (openSUSE-SU-2021:3650-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3650-1 advisory. - An attacker can downgrade a negotiated SMB1 client connection and its capabitilities. Kerberos authentication is only possible with the...
RHEL 7 : thunderbird (RHSA-2021:2881)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2881 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Security Fixes: Mozilla:...
RHEL 7 : python (RHSA-2021:0528)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0528 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:1644)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1644 advisory. - jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 - jackson-databind: Serialization gadgets in...
EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2020-1953)
According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This fla...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4439-1 advisory. It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An...
EulerOS Virtualization 3.0.6.0 : kvm (EulerOS-SA-2020-1792)
According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor...
RHEL 6 : microcode_ctl (RHSA-2020:2706)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2706 advisory. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543 hw: L1D Cache Eviction Sampling CVE-2020-0549 hw: Vector...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker...