Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [cve]

Common Vulnerabilities and Exposures

International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures. CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

https://cve.mitre.org/

18 questions
6
votes
1 answer

Upgrading nginx 1.10.3 on Debian 9 (stretch) to avoid CVE-2017-7529 vulnerability

As of right now Debian 9 (stretch) installs nginx version 1.10.3 which is vulnerable to CVE-2017-7529: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting…
SeinopSys
  • 512
  • 2
  • 6
  • 19
4
votes
2 answers

How to determine if my CentOS 8 is vulnerable to CVE-2019-18348

I am a long-time linux sysadmin, but new to CentOS. I just need to determine if this CentOS server is vulnerable to CVE-2019-18348. To do that, I have to either verify the packages installed are patched, or have a way to test for the vulnerability…
user1522091
  • 79
  • 1
  • 5
4
votes
3 answers

RDP from linux to windows

Many users in our office use a Linux VM to connect to the office's RDP server to work remotely. From March 2018 onwards a patch was progressively put out by Microsoft to address CVE-2018-0886, ultimately resulting in a final patch which no longer…
Frans Henskens
  • 43
  • 1
  • 4
2
votes
1 answer

How can I use openscap to do an offline OVAL scan of a Cisco router?

This doc describes a process of scanning a router's "show tech" file with a joval utility. I downloaded joval's trial, but didn't see that utility. Can openscap do offline OVAL scans of Cisco routers? I want the routers to generate some file (show…
red888
  • 4,069
  • 16
  • 58
  • 104
1
vote
0 answers

If I have a kernel version, can I get a list of CVEs it's vulnerable to?

So say I have a kernel version. Something like one of these: 3.10.0-229.el7.x86_64 2.6.32-220.el6.x86_64 3.10.0-514.26.2.el7.x86_64 3.10.35-43.137.amzn1.x86_64 2.6.32-358.14.1.el6.x86_64 Is there a way to programmatically get a list of CVEs that…
Carrot
  • 266
  • 3
  • 8
1
vote
3 answers

Why there are so many vulnerable Nginx images on Docker Hub?

Currently, all of them seem to have unpatched components and marked red https://hub.docker.com/r/library/nginx/tags/
Andrey
  • 225
  • 3
  • 9
1
vote
0 answers

CVE-2007-289 MS-DOS device name on IIS 8.5 & ASP.NET 4.5

our security team has recently scanned 1 of our server and the specific vulnerability detected: CVE-2007-2897 Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check) Did some search and found several users mentioned according to Microsoft Security…
nlks
  • 122
  • 1
  • 3
  • 12
1
vote
1 answer

Is sshd UseLogin enabled or disabled by default?

This question relates to CVE-2015-8325. https://access.redhat.com/security/cve/CVE-2015-8325
William Entriken
  • 543
  • 5
  • 12
1
vote
0 answers

How do I solve cve-2015-3183 without updating Apache

During the latest app scan in my project, CVE-2015-3183 has popped up. I have looked everywhere on the net for solution. Solution is simple: update your Apache. The problem is we cannot update our Apache for next 3 to 4 months as it requires lots…
sanjeevnjha
  • 11
  • 1
1
vote
0 answers

Is there any command in Debian and Ubuntu similar to Red Hat sudo yum updateinfo list cves?

in Red Hat, I'm used to: Check which cve currently affect the system and the severity: sudo yum updateinfo list cves Get more details about that CVE: sudo yum updateinfo Install all packages that solve the security issue: sudo yum…
Marco Brenna
  • 27
  • 8
1
vote
1 answer

How to protect against sudo vulnerability CVE-2021-3156

I tried to patch the new sudo vulnerability as described in https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 I'm getting the following error. # stap -g sudoedit-block.stap Checking…
360man
  • 13
  • 1
  • 4
0
votes
0 answers

Windows Server CVE-1999-0527: Fix?

Anyone know why I am getting this on a server Win 2012 R2? FTP is not an enabled feature, on the server. It's a very old CVE and very (no) info about it on searching.
user001
  • 115
  • 1
  • 1
  • 10
0
votes
1 answer

Infinite loop of BN_mod_sqrt not resolved after updating openssl in Ubuntu

as I mentioned; I updated my openssl version to 1.1.1-1ubuntu2.1~18.04.15 and followed the code mentioned in github.com/drago-96/CVE-2022-0778 to verify if it is fixed. But it's going into an infinite loop. Do I need to update any other package? Or…
user41965
  • 101
  • 2
0
votes
2 answers

How can I reliably discover CVEs relating to installed packages

I have a web application running on Ubuntu Server 18. One of its dependencies is Ghostscript. The latest version I'm able to install via apt-get is 9.26, but I've learned that this version has a security issue. What I'm looking for is a way of…
griswoldbar
  • 115
  • 3
0
votes
0 answers

Not able to upgrade OpenSSL version from 1.1.1g to 1.1.1l in RHEL 8.4

I have Linux machine RHEL 8.4 with OpenSSL 1.1.1g. After running the vulnerability and penetration testing, It was found that this version of OpenSSL is not secured and recommended to upgrade OpenSSL 1.1.1g --> 1.1.1l When I'm giving the…
Shruti Prajapati
  • 1
1
2