Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [cve]

Common Vulnerabilities and Exposures

International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures. CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

https://cve.mitre.org/

19 questions
6
votes
1 answer

Upgrading nginx 1.10.3 on Debian 9 (stretch) to avoid CVE-2017-7529 vulnerability

As of right now Debian 9 (stretch) installs nginx version 1.10.3 which is vulnerable to CVE-2017-7529: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting…
SeinopSys
  • 532
  • 2
  • 6
  • 19
4
votes
2 answers

How to determine if my CentOS 8 is vulnerable to CVE-2019-18348

I am a long-time linux sysadmin, but new to CentOS. I just need to determine if this CentOS server is vulnerable to CVE-2019-18348. To do that, I have to either verify the packages installed are patched, or have a way to test for the vulnerability…
user1522091
  • 79
  • 1
  • 5
4
votes
3 answers

RDP from linux to windows

Many users in our office use a Linux VM to connect to the office's RDP server to work remotely. From March 2018 onwards a patch was progressively put out by Microsoft to address CVE-2018-0886, ultimately resulting in a final patch which no longer…
Frans Henskens
  • 43
  • 1
  • 4
2
votes
1 answer

How can I use openscap to do an offline OVAL scan of a Cisco router?

This doc describes a process of scanning a router's "show tech" file with a joval utility. I downloaded joval's trial, but didn't see that utility. Can openscap do offline OVAL scans of Cisco routers? I want the routers to generate some file (show…
red888
  • 4,183
  • 18
  • 64
  • 111
1
vote
0 answers

If I have a kernel version, can I get a list of CVEs it's vulnerable to?

So say I have a kernel version. Something like one of these: 3.10.0-229.el7.x86_64 2.6.32-220.el6.x86_64 3.10.0-514.26.2.el7.x86_64 3.10.35-43.137.amzn1.x86_64 2.6.32-358.14.1.el6.x86_64 Is there a way to programmatically get a list of CVEs that…
Carrot
  • 266
  • 3
  • 8
1
vote
3 answers

Why there are so many vulnerable Nginx images on Docker Hub?

Currently, all of them seem to have unpatched components and marked red https://hub.docker.com/r/library/nginx/tags/
Andrei
  • 235
  • 3
  • 10
1
vote
0 answers

CVE-2007-289 MS-DOS device name on IIS 8.5 & ASP.NET 4.5

our security team has recently scanned 1 of our server and the specific vulnerability detected: CVE-2007-2897 Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check) Did some search and found several users mentioned according to Microsoft Security…
nlks
  • 132
  • 2
  • 3
  • 12
1
vote
1 answer

Is sshd UseLogin enabled or disabled by default?

This question relates to CVE-2015-8325. https://access.redhat.com/security/cve/CVE-2015-8325
William Entriken
  • 593
  • 5
  • 12
1
vote
0 answers

How do I solve cve-2015-3183 without updating Apache

During the latest app scan in my project, CVE-2015-3183 has popped up. I have looked everywhere on the net for solution. Solution is simple: update your Apache. The problem is we cannot update our Apache for next 3 to 4 months as it requires lots…
sanjeevnjha
  • 11
  • 1
1
vote
0 answers

Is there any command in Debian and Ubuntu similar to Red Hat sudo yum updateinfo list cves?

in Red Hat, I'm used to: Check which cve currently affect the system and the severity: sudo yum updateinfo list cves Get more details about that CVE: sudo yum updateinfo Install all packages that solve the security issue: sudo yum…
Marco Brenna
  • 27
  • 8
1
vote
1 answer

How to protect against sudo vulnerability CVE-2021-3156

I tried to patch the new sudo vulnerability as described in https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 I'm getting the following error. # stap -g sudoedit-block.stap Checking…
360man
  • 13
  • 1
  • 4
0
votes
0 answers

Windows Server CVE-1999-0527: Fix?

Anyone know why I am getting this on a server Win 2012 R2? FTP is not an enabled feature, on the server. It's a very old CVE and very (no) info about it on searching.
user001
  • 125
  • 1
  • 1
  • 10
0
votes
0 answers

How to determine what CVE is back ported to what version of package?

I'm trying to determine what version of apache is backported for CVE-2021-40438. I'm very confused as to how to find out. Our spacewalk server has multiple apache versions of 2.4.37 from -10 to -56 and the specific VM is up to date with…
Scivic
  • 1
  • 1
0
votes
1 answer

How to perform security updates of Docker Alpine

I stumbled upon a tricky situation: I read on the Docker Alpine main page that the image is getting updated every month for minor versions/security fixes. Packages with CVE are not updated for the stable version (v3.17.*) but are on the edge…
Kaymaz
  • 241
  • 3
  • 11
0
votes
1 answer

Infinite loop of BN_mod_sqrt not resolved after updating openssl in Ubuntu

as I mentioned; I updated my openssl version to 1.1.1-1ubuntu2.1~18.04.15 and followed the code mentioned in github.com/drago-96/CVE-2022-0778 to verify if it is fixed. But it's going into an infinite loop. Do I need to update any other package? Or…
user41965
  • 101
  • 2
1
2