Solaris 9 (sparc) : 125137-97

JavaSE 6: update 101 patch equivalent to. Date this patch was last updated by Sun : Jul/13/15 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

RIP Poisoning Routing Table Modification

The remote RIP listener accepts routes that are not sent by a neighbor. This cannot happen in the RIP protocol as defined by RFC2453, and although the RFC is silent on this point, such routes should probably be ignored. A remote attacker might use this flaw to access the local network if it is no...

LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)

LangChain is a framework for developing applications powered by large language models. langchainexperimental aka LangChain Experimental in LangChain = 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by...

Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00875)

Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Oracle MySQL Server (Apr 2023 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 5.7.41 and...

EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1645)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for configurations with a nonzero XMLCONTEXTBYTES. CVE-2022-23852 -...

Oracle Linux 8 : thunderbird (ELSA-2022-0129)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0129 advisory. 91.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.5.0-1 - Update to 91.5.0 build1 Tenable has...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2021-2803)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-34798 -...

Wind River VxWorks < 7.0 Multiple Vulnerabilities

According to its self-reported version, the remote device is Wind River VxWorks and it's affected by multiple vulnerabilities: - The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller...

Debian DSA-4885-1 : netty - security update

Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

openSUSE Security Update : nodejs10 (openSUSE-2021-372)

This update for nodejs10 fixes the following issues : New upstream LTS version 10.24.0 : - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620 - CVE-2021-23840: OpenSSL - Integer overflow in...

RHEL 7 : thunderbird (RHSA-2021:0087)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0087 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Security Fixes: Mozilla:...

Photon OS 2.0: Openssl PHSA-2020-2.0-0304

An update of the openssl package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0304. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Linux PHSA-2020-1.0-0314

An update of the linux package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0314. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid139700...

openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1064)

This update for webkit2gtk3 fixes the following issues : - Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player....

Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Application data accepted before TLS handshake completion JSSE, 8235691 CVE-2020-2816 - OpenJDK...

EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)

According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code.CVE-2020-8608 -...

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)

This update for provides the following fixes : Following security issues were fixed : CVE-2019-14847: User with 'get changes' permission could have crashed AD DC LDAP server via dirsync bsc1154598. CVE-2019-10218: Client code could have returned filenames containing path separators bsc1144902...

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0092)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group...

NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0011)

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...

Oracle Linux 8 : python3 (ELSA-2019-0997)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0997 advisory. 3.6.8-2.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-2 - Security fix for CVE-2019-9636 rhbz1693973 Tenable has extracted the...

Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)

The version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4301 advisory. - mnt: Prevent pivotroot from creating a loop in the mount tree Eric W. Biederman Orabug: 26575709 CVE-2014-7970 CVE-2014-7970 - vfs: more mntparen...

Photon OS 1.0: Ruby / Tcpdump PHSA-2017-0034 (deprecated)

An update of tcpdump,ruby packages for PhotonOS has been released. File data PhotonOSPHSA-2017-0034.nasl...

Security Updates for Microsoft Office Products (June 2018)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the...

Security Updates for Internet Explorer (March 2018)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU regression (USN-3575-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3575-2 advisory. USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix...

Amazon Linux AMI : kernel (ALAS-2016-718)

A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitary kernel memory when unloading a kernel module. This action is usually restricted to root-priveledged users but can also be leveraged if the kernel is compiled wit...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)

qemu was updated to fix 37 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avo...

MS16-055: Security Update for Microsoft Graphics Component (3156754)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple information disclosure vulnerabilities exist in the Windows Graphics component. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to...

RHEL 6 / 7 : glibc (RHSA-2016:0225)

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Commo...

SuSE 11.3 Security Update : php53 (SAT Patch Number 9718)

This php53 update fixes the following security issues : - Insecure temporary file used for cache data was fixed by switching to a different root only directory /var/cache/php-pear. CVE-2014-5459 - An incomplete fix for CVE-2014-4049. CVE-2014-3597 %NASLMINLEVEL 70300 C Tenable Network Security,...

Default Password (vmware) for 'root' Account

The account 'root' on the remote host has the password 'vmware'. An attacker may leverage this to gain administrator access to the affected system. Note that VMware vCenter Support Assistant Appliance and VMware vCenter Server Appliance are known to use these credentials. %NASLMINLEVEL 70300 C...

PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities

Binary data 8320.prm...

Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)

pull in upstream patch for CVE-2014-0160 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Fedora Security Advisory 2014-4910. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid73430;...

SuSE 11.1 / 11.2 Security Update : xorg-x11-server-rdp (SAT Patch Numbers 6111 / 6113)

This update of xorg-x11-server-rdp fixed the following security issues : - memory exhaustion flaw CVE-2011-4028 / CVE-2011-4029 - race condition flaw. CVE-2010-2240 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE...

Scientific Linux Security Update : libpng on SL4.x, SL5.x, SL6.x i386/x86_64 (20120220)

The libpng packages contain a library of functions for creating and manipulating PNG Portable Network Graphics image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libp...

Apache on Windows mod_alias URL Validation Canonicalization CGI Source Information Disclosure

The version of Apache running on the remote Windows host can be tricked into disclosing the source of its CGI scripts because of a configuration issue. Specifically, if the CGI directory is located within the document root, then requests that alter the case of the directory name will bypass the...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)

Mozilla Thunderbird 3.0 was updated to version 3.0.7, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - The array class used to store CS...

Debian DSA-1956-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3986 : David James discovered that the window.opener...

CentOS 5 : kernel (CESA-2009:1670)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

Fedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)

Update to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.htmlfirefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox /...

Mozilla Firefox < 3.0.12 Multiple Vulnerabilities

Binary data 5101.prm...

CentOS 4 : tetex (CESA-2007:1027)

Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting...

GLSA-200502-07 : OpenMotif: Multiple vulnerabilities in libXpm

The remote host is affected by the vulnerability described in GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm Multiple vulnerabilities, such as buffer overflows, out of bounds memory access or directory traversals, have been discovered in libXpm that is shipped as a part of the X...

Security Updates for SQL Server Management Studio (April 2025)

The SQL Server Management Studio installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2025-29803 %NASLMINLEVEL 70300 C Tenab...

WordPress 5.7.x < 5.7.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

Cisco IOS Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)

According to its self-reported version, Cisco IOS is affected by a vulnerability. - A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and co...

FreeBSD : electron22 -- multiple vulnerabilities (770d88cc-f6dc-4385-bdfe-497f8080c3fb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 770d88cc-f6dc-4385-bdfe-497f8080c3fb advisory. - Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attack...