Photon OS 2.0: Python2 PHSA-2019-2.0-0171

An update of the python2 package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CentOS 7 : java-1.7.0-openjdk (CESA-2019:0791)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20181018)

Security Fixes : - OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 - OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-3183 - OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 8199177 CVE-2018-3149 - OpenJDK: Incorrect handli...

SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2018:3207-1)

This update for binutils to 2.31 fixes the following issues : These security issues were fixed : CVE-2017-15996: readelf allowed remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggered a buffer...

Debian DLA-1531-1 : linux-4.9 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irdabind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a deni...

Fedora 27 : 1:ceph (2018-8738f5f4a7)

New release 1:12.2.7-1 ---- New release 1:12.2.6-1 CVE-2018-1128 CVE-2018-1129 CVE-2018-10861 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

Photon OS 2.0 : libtiff / glibc / libsoup (PhotonOS-PHSA-2018-2.0-0060) (deprecated)

An update of 'libtiff', 'glibc', 'libsoup' packages of Photon OS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0060. The text itself is copyrig...

Debian DLA-1421-1 : ruby2.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-9096 SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339 Exploitable heap...

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20180405)

This update upgrades Thunderbird to version 52.7.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 MFSA 2018-07 CVE-2018-5125 - Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 MFSA 2018-07 CVE-2018-5145 - Mozilla: Vorbis audio processing out of bound...

Apache Struts 2.3.x Struts 1 plugin RCE (remote)

The Struts 1 plugin in Apache Struts 2.3.x is affected by a remote code execution vulnerability via a malicious field value passed in a raw message to the ActionMessage class. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3574)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3574 advisory. kernel-uek 4.1.12-94.3.5 - dccp/tcp: do not inherit mclist from parent Eric Dumazet Orabug: 26132091 CVE-2017-8890 Tenable has extracted the preceding...

Jenkins < 2.46.2 / 2.57 and Jenkins Enterprise < 1.625.24.1 / 1.651.24.1 / 2.7.24.0.1 / 2.46.2.1 Multiple Vulnerabilities

The version of Jenkins running on the remote web server is prior to 2.57 or is a version of Jenkins LTS prior to 2.46.2, or else it is a version of Jenkins Enterprise that is 1.625.x.y prior to 1.625.24.1, 1.651.x.y prior to 1.651.24.1, 2.7.x.0.y prior to 2.7.24.0.1, or 2.x.y.z prior to 2.46.2.1...

Fedora 22 : ntp (2016-777d838c1b)

Security fix for CVE-2016-1548, CVE-2016-2516, CVE-2016-2518, CVE-2016-1550 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-176-01. The text itself is copyright C...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-688)

It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2016-0686 It was...

Lexmark Markvision Enterprise Java Object Deserialization RCE

The remote Lexmark Markvision Enterprise server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted...

SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2014:1422-1)

OpenJDK was updated to icedtea 2.5.3 OpenJDK 7u71 fixing security issues and bugs. - Security : - S8015256: Better class accessibility - S8022783, CVE-2014-6504: Optimize C2 optimizations - S8035162: Service printing service - S8035781: Improve equality for annotations - S8036805: Correct linker...

PHP 5.5.x < 5.5.24 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the zendsharedmemdup function within file ext/opcache/zendsharedalloc.c that allows an...

PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the enchantbrokerrequestdict function in ext/enchant/enchant.c could allow a remote attacker to cause a...

OracleVM 3.3 : xen (OVMSA-2014-0038) (POODLE)

The remote OracleVM system is missing necessary patches to address critical security updates : - xend: disable sslv3 due to CVE-2014-3566 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2014-0038...

Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2014-1620)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1620 advisory. 1:1.7.0.65-2.5.3.1.0.1.el70 - Update DISTRONAME in specfile 1:1.7.0.65-2.5.3.1 - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches...

Oracle Linux 7 : php (ELSA-2014-1327)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1327 advisory. - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix...

VMSA-2014-0006 : VMware product updates address OpenSSL security vulnerabilities

a. OpenSSL update for multiple products. OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0224, CVE-2014-0198,...

Oracle Linux 5 : php (ELSA-2014-0311)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0311 advisory. 5.1.6-44 - add security fixes for CVE-2006-7243, CVE-2009-0689 Tenable has extracted the preceding description block directly from the Oracle Linux...

Mozilla Thunderbird ESR < 17.0.10 Multiple Vulnerabilities

The installed version of Thunderbird ESR is earlier than 17.0.10 and is, therefore, potentially affected the following vulnerabilities: - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosu...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)

Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service system crash. CVE-2013-1059 Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could...

Oracle Linux 3 / 4 : cups (ELSA-2009-1083)

From Red Hat Security Advisory 2009:1083 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIXr Printing System CUPS...

CentOS 6 : kernel (CESA-2013:0630)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

SuSE 10 Security Update : Java (ZYPP Patch Number 8481)

IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. Please see the IBM JDK Alert page for more information : http://www.ibm.com/developerworks/java/jdk/alerts/ Security issues fixed : - / CVE-2013-0443. CVE-2013-1478 / CVE-2013-1480 / CVE-2013-1476 ...

Ubuntu 12.10 : linux vulnerabilities (USN-1699-1)

Jon Howell reported a flaw in the Linux kernel's KVM Kernel-based virtual machine subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. CVE-2012-4461 A flaw was...

PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability. An error in the file 'sapi/cgi/cgimain.c' can allow a remote attacker to obtain PHP...

CentOS 5 : postgresql84 (CESA-2011:1378)

Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

CentOS 4 : firefox (CESA-2010:0966)

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

iSCSI Unauthenticated Target Detection

Binary data iscsinoauthtarget.nbin...

MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework...

Fedora 11 : sunbird-1.0-0.16.20090715hg.fc11 / thunderbird-3.0.4-1.fc11 (2010-5526)

Update to new upstream Thunderbird version 3.0.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security /known-vulnerabilities/thunderbird30.htmlthunderbird3.0.4 Update also includes sunbird package rebuilt against new version of Thunderbird...

Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2846 Michael Buesch noticed a typing issue in the...

Mandriva Linux Security Advisory : postgresql8.2 (MDVSA-2009:251-1)

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service backend shutdown by re-LOAD-ing libraries from a certain plugins directory CVE-2009-3229. The core server component in PostgreSQL 8.4...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5450)

MozillaFirefox was updated to version 2.0.0.16, which fixes various bugs and following security issues : - An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)

Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory...

Debian DSA-1479-1 : linux-2.6 - several vulnerabilities

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2878 Bart Oldeman reported a denial of service DoS issue ...

FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961)

Matthieu Herrb of X.Org reports : Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X...

Mozilla Firefox < 2.0.0.15 Multiple Vulnerabilities

Binary data 4567.prm...

J Walk Application Server Encoded Directory Traversal Arbitrary File Access

The version of J Walk running on the remote host has a directory traversal vulnerability. It is possible to read arbitrary files by prepending '.%252e/.%2523' to a filename. A remote attacker could exploit this to read sensitive information that might be used to mount further attacks. %NASLMINLEV...

Microsoft Windows ICMP Type 9 Packet Remote DoS

It was possible to crash the remote machine by flooding it with ICMP type 9 packets. An attacker may use this attack to make this host crash continuously, preventing you from working. C Tenable Network Security, Inc. p-smash Script audit and contributions from Carmichael Security Erik Anderson...

CDE RPC tooltalk Service Multiple Overflows

The tooltalk RPC service is running. A possible implementation fault in the ToolTalk object database server may allow an attacker to execute arbitrary commands as root. This warning may be a false positive since the presence of this vulnerability is only accurately identified with local access. C...

WordPress 5.2.x < 5.2.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

SUSE SLED15 / SLES15 Security Update : python39 (SUSE-SU-2022:1485-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1485-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker...

Ubuntu 18.04 LTS : QtSvg vulnerabilities (USN-5241-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5241-1 advisory. It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafte...

openSUSE 15 Security Update : java-1_8_0-ibm (openSUSE-SU-2022:0108-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0108-1 advisory. - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Support...