Fedora 39 : golang-helm-3 (2023-46c95e2c57)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46c95e2c57 advisory. Automatic update for golang-helm-3-3.11.1-1.fc39. Changelog Tue Feb 21 2023 Davide Cavalca - 3.11.1-1 - Update to 3.11.1; Fixes: RHBZ1977738,...
Fedora 40 : curl (2024-a09456b7a9)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a09456b7a9 advisory. - fix Usage of disabled protocol CVE-2024-2004 - fix HTTP/2 push headers memory-leak CVE-2024-2398 Tenable has extracted the preceding description...
CentOS 8 : firefox (CESA-2024:1912)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:1912 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
Fedora 40 : golang-github-onsi-ginkgo-2 (2023-1c1be955d7)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c1be955d7 advisory. Automatic update for golang-github-onsi-ginkgo-2-2.13.2-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - 2.13.2-3 - Update to 2.13.2 - Closes...
Fedora 40 : kubernetes (2024-ce2eefc399)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ce2eefc399 advisory. Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugi...
Fedora 40 : exercism (2024-35c28f59d1)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-35c28f59d1 advisory. Update to latest version Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security...
Ubuntu 24.04 LTS : curl vulnerabilities (USN-6718-3)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...
AlmaLinux 9 : golang (ALSA-2024:1963)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1963 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state...
Fedora 40 : golang-github-prometheus-node-exporter (2023-654e0ddfd8)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-654e0ddfd8 advisory. Automatic update for golang-github-prometheus-node-exporter-1.6.1-1.fc40. Changelog Thu Nov 9 2023 Mikel Olasagasti Uranga - 1.6.1-1 - Update to 1.6...
Fedora 40 : chisel (2023-b29031a7aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-594)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-594 advisory. 2024-06-19: CVE-2024-27982 was added to this advisory. NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server...
Fedora 40 : nghttp2 (2024-da8cdd8414)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-da8cdd8414 advisory. - fix CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 40 : firefox (2024-c6a1d4e0ec)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c6a1d4e0ec advisory. - New upstream release 125.0 ---- - New upstream release 124.0.2 Tenable has extracted the preceding description block directly from the Fedora...
RHEL 9 : git-lfs (RHSA-2024:2079)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2079 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
Fedora 40 : gitleaks (2024-4901258366)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4901258366 advisory. Automatic update for gitleaks-8.18.2-1.fc40. Changelog Thu Feb 8 2024 Mikel Olasagasti Uranga - 8.18.2-1 - Update to 8.18.2 - Closes rhbz2250439 rhbz2248275...
Fedora 40 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-5f984129b2)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f984129b2 advisory. Updated NATS stack for CVE-2023-39325 and CVE-2023-46129 Tenable has extracted the preceding description block directly from the Fedora security...
Amazon Linux 2023 : mod_http2 (ALAS2023-2024-595)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-595 advisory. HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory...
Important: httpd24
Issue Overview: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Affected Packages: httpd24 Issue Correction: Run yum...
Fedora 40 : golang-github-prometheus-prom2json (2023-14a33318b8)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-14a33318b8 advisory. Automatic update for golang-github-prometheus-prom2json-1.3.3-1.fc40. Changelog Sun Dec 3 2023 Mikel Olasagasti Uranga - 1.3.3-1 - Update to 1.3.3 -...
Ubuntu 24.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-3)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the...