SolarWinds Platform 2024.2.0 < 2024.4 Multiple Vulnerabilities XSS
The version of SolarWinds Platform installed on the remote host is prior to 2024.4. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsplatform20244 advisory. - SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation...
CBL Mariner 2.0 Security Update: OpenIPMI (CVE-2024-42934)
The version of OpenIPMI installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42934 advisory. - OpenIPMI before 2.0.36 has an out-of-bounds array access for authentication type in the ipmisim simulator,...
Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-8121)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8121 advisory. 1:11.0.25.0.9-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:11.0.25.0.9-2 - Update to jdk-11.0.25+9 GA - Update release notes to 11.0.25+9 -...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-45296)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45296 advisory. - path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a...
Oracle MySQL Server 8.0.x < 8.0.40 (January 2025 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging Kerberos. Supported versions that are affected are 8.0.39 and...
Ubuntu 24.10 : OATH Toolkit vulnerability (USN-7059-2)
The remote Ubuntu 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7059-2 advisory. USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Tenable has extracted the preceding...
Teltonika Remote Management System and RUT Model Routers Improper Neutralization of Special Elements Used in an OS Command (CVE-2023-32350)
Versions 00.07.00 through 00.07.03 of Teltonika's RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a...
JetBrains YouTrack < 2024.3.46677 Improper Access Control
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.46677. It is, therefore, affected by a vulnerability as referenced in the 2024346677 advisory. - In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to dele...
CBL Mariner 2.0 Security Update: terraform (CVE-2023-4782)
The version of terraform installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4782 advisory. - Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on...
Oracle WebLogic Server (October 2024 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions tha...
SolarWinds Web Help Desk < 12.8.3 HF 3 Java Deserialization RCE
The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.3 HF3. It is, therefore, affected by a Java deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Note that Nessus has not tested f...
Oracle WebCenter Sites (October 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by a vulnerability as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites jose4j. The supported version that i...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-43800)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43800 advisory. - serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to...
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 42, 10.0 < 10.0.10, 10.1.0 < 10.1.2 CSRF
According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site request forgery vulnerability, addressed by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbragqlenabledangerousdeprecatedgetmethodwillberemoved, has been introduced to control these...
HCL BigFix Server 9.5.x < 9.5.25 / 10.0.x < 10.0.12 / 11.0.x < 11.0.3 DLL Hijacking (KB0116659)
The version of HCL BigFix Server installed on the remote host is 9.5.x prior to 9.5.25, 10.0.x prior to 10.0.12 or 11.x prior to 11.0.3. It is, therefore, affected by a DLL hijacking vulnerability as referenced in the KB0116659 advisory, where a dynamic search for a prerequisite library could all...
Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98189)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98189 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an...
Qnap QTS Out-of-bounds Write (CVE-2023-41273)
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533...
SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2024:3628-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3628-1 advisory. This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potentia...
SUSE Linux Enterprise Server For SAP SEoL (11.3.x)
According to its version, SUSE Linux Enterprise Server For SAP is 11.3.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Qnap QTS OS Command Injection (CVE-2024-38641)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...