58841 matches found
Photon OS 5.0: Linux PHSA-2024-5.0-0385
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0385. The text itself is copyright (C) VMware, Inc.
Autodesk Revit Installed (Windows)
Binary data autodeskrevitwininstalled.nbin...
Devolutions Remote Desktop Manager Installed (Windows)
Binary data devolutionsdesktopmanagerwininstalled.nbin...
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463)
Binary data paloaltoexpeditionCVE-2024-9463.nbin...
Mattermost Server 9.5.x < 9.5.9 / 9.11.x < 9.11.1 (MMSA-2024-00373)
The version of Mattermost Server installed on the remote host is prior to 9.5.9 or 9.11.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00373 advisory. - Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post i...
actionmailer Ruby Library 3.x < 6.1.7.9 / 7.0.x < 7.0.8.5 / 7.1.x < 7.1.4.1 / 7.2.x < 7.2.1.1 DoS (CVE-2024-47889)
The version of the actionmailer Ruby library installed on the remote host is 3.x prior to 6.1.7.9, 7.0.x prior to 7.0.8.5, 7.1.x prior to 7.1.4.1 or 7.2.x prior to 7.2.1.1. It is, therefore, affected by a denial of service (DoS) vulnerability. The vulnerability lies in the block_format helper of...
Docker Desktop < 4.34.3 RCE
The version of Docker installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. (CVE-2024-9348) Note that Nessus has not...
CBL Mariner 2.0 Security Update: vim (CVE-2024-43802)
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43802 advisory. - Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the curren...
Palo Alto GlobalProtect Agent Local Privilege Escalation (CVE-2024-9473)
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to insta...
Photon OS 4.0: Wireshark PHSA-2024-4.0-0702
An update of the wireshark package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0702. The text itself is copyright (C) VMware, Inc.
Mattermost Server 9.5.x < 9.5.8 / 9.8.x < 9.8.3 / 9.9.x < 9.9.2 / 9.10.x < 9.10.1 (MMSA-2024-00368)
The version of Mattermost Server installed on the remote host is prior to 9.5.8, 9.8.3, 9.9.2, or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00368 advisory. - Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitiz...
Oracle Essbase Multiple Vulnerabilities (October 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2024 Critical Patch Update (CPU). It is, therefore, affected by: - Vulnerability in Oracle Essbase (component: Essbase Web Platform (curl)). The supported version that is affected is 21.6. Easily...
Devolutions Remote Desktop Manager Information Disclosure (DEVO-2024-0014)
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions. Note that Nessus has not tested for thi...
Oracle Linux 7 : 389-ds-base (ELSA-2024-7434)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-7434 advisory. [1.3.11.1-5.0.3] - Security fix for CVE-2024-8445 [Orabug: 37119399] (CVE-2024-8445) Tenable has extracted the preceding description block directly from the Oracle Lin...
Docker for Windows < 4.34.3 RCE
The version of Docker Desktop installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. (CVE-2024-9348) Note that Nessus has...
Mattermost Server 9.5.x < 9.5.8 / 9.10.x < 9.10.1 (MMSA-2024-00359)
The version of Mattermost Server installed on the remote host is prior to 9.5.8 or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00359 advisory. - Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the...
CVE-2024-49220
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS. This issue affects Cookie Scanner: from n/a through 1.1...
CVE-2024-49220
Cross-Site Request Forgery (CSRF) vulnerability in Nikel Cookie Scanner cookie-scanner allows Cross Site Request Forgery. This issue affects Cookie Scanner: from n/a through <= 1.1...
CVE-2024-49220 WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Nikel Cookie Scanner cookie-scanner allows Cross Site Request Forgery. This issue affects Cookie Scanner: from n/a through <= 1.1...
CVE-2024-49220
CVE-2024-49220 is a CSRF-to-Stored XSS vulnerability in the WordPress Cookie Scanner plugin (versions