Questions tagged [cve]

Common Vulnerabilities and Exposures

International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures. CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

https://cve.mitre.org/

20 questions
6
votes
1 answer

Upgrading nginx 1.10.3 on Debian 9 (stretch) to avoid CVE-2017-7529 vulnerability

As of right now Debian 9 (stretch) installs nginx version 1.10.3 which is vulnerable to CVE-2017-7529: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting…
SeinopSys
  • 532
  • 2
  • 6
  • 19
4
votes
2 answers

How to determine if my CentOS 8 is vulnerable to CVE-2019-18348

I am a long-time Linux sysadmin, but new to CentOS. I just need to determine if this CentOS server is vulnerable to CVE-2019-18348. To do that, I have to either verify the packages installed are patched, or have a way to test for the vulnerability…
4
votes
3 answers

RDP from linux to windows

Many users in our office use a Linux VM to connect to the office's RDP server to work remotely. From March 2018 onwards a patch was progressively put out by Microsoft to address CVE-2018-0886, ultimately resulting in a final patch which no longer…
2
votes
1 answer

How can I use openscap to do an offline OVAL scan of a Cisco router?

This doc describes a process of scanning a router's "show tech" file with a joval utility. I downloaded joval's trial, but didn't see that utility. Can openscap do offline OVAL scans of Cisco routers? I want the routers to generate some file (show…
red888
  • 4,351
2
votes
1 answer

Debsecan showing deprecated linux-libc-dev

I am hardening a Debian 12 server right now and I am trying to find and patch CVEs using debsecan. When I run debsecan --suite bookworm I get a list of CVEs with most of them being related to linux-libc-dev. I installed the…
1
vote
0 answers

If I have a kernel version, can I get a list of CVEs it's vulnerable to?

So say I have a kernel version. Something like one of these: 3.10.0-229.el7.x86_64 2.6.32-220.el6.x86_64 3.10.0-514.26.2.el7.x86_64 3.10.35-43.137.amzn1.x86_64 2.6.32-358.14.1.el6.x86_64 Is there a way to programmatically get a list of CVEs that…
Carrot
  • 266
1
vote
3 answers

Why are there so many vulnerable Nginx images on Docker Hub?

Currently, all of them seem to have unpatched components and are marked red https://hub.docker.com/r/library/nginx/tags/
Andy
  • 275
1
vote
0 answers

CVE-2007-289 MS-DOS device name on IIS 8.5 & ASP.NET 4.5

Our security team has recently scanned one of our servers and the specific vulnerability detected: CVE-2007-2897 Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check). Did some searching and found several users mentioning, according to Microsoft Security…
nlks
  • 132
  • 2
  • 3
  • 12
1
vote
1 answer

Is sshd UseLogin enabled or disabled by default?

This question relates to CVE-2015-8325. https://access.redhat.com/security/cve/CVE-2015-8325
William Entriken
  • 622
  • 6
  • 13
1
vote
0 answers

How do I solve CVE-2015-3183 without updating Apache?

During the latest app scan in my project, CVE-2015-3183 has popped up. I have looked everywhere on the net for a solution. The solution is simple: update your Apache. The problem is we cannot update our Apache for the next 3 to 4 months as it requires lots…
1
vote
1 answer

Is using a custom MariaDB docker image advisable?

I found that the official mariadb images on Docker Hub have large numbers of vulnerabilities (even 3 with severity critical). Most of them are caused by the package golang / stdlib / 1.18.2. I have observed the stats now for several months and was…
SDwarfs
  • 375
1
vote
3 answers

How can I reliably discover CVEs relating to installed packages

I have a web application running on Ubuntu Server 18. One of its dependencies is Ghostscript. The latest version I'm able to install via apt-get is 9.26, but I've learned that this version has a security issue. What I'm looking for is a way of…
1
vote
0 answers

Is there any command in Debian and Ubuntu similar to Red Hat sudo yum updateinfo list cves?

In Red Hat, I'm used to: Check which CVEs currently affect the system and their severity: sudo yum updateinfo list cves Get more details about that CVE: sudo yum updateinfo Install all packages that solve the security issue: sudo yum…
1
vote
1 answer

How to protect against sudo vulnerability CVE-2021-3156

I tried to patch the new sudo vulnerability as described in https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 I'm getting the following error. # stap -g sudoedit-block.stap Checking…
360man
  • 113
  • 1
  • 4
0
votes
0 answers

Windows Server CVE-1999-0527: Fix?

Anyone know why I am getting this on a Win 2012 R2 server? FTP is not an enabled feature on the server. It's a very old CVE and there is very little (no) info about it when searching.
user001
  • 125