58841 matches found
CBL Mariner 2.0 Security Update: kernel (CVE-2024-46807)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46807 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource point...
AlmaLinux 9 : firefox (ALSA-2024:7958)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:7958 advisory. firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 Tenable has extracted the preceding description block directly from the AlmaLinux...
AlmaLinux 9 : OpenIPMI (ALSA-2024:8037)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:8037 advisory. openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator CVE-2024-42934 Tenable has extracted the preceding description block...
Wago CODESYS V3 Products Use of Password Hash With Insufficient Computational Effort (CVE-2020-12069)
In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. This plugin...
Amazon Linux 2 : unbound (ALASUNBOUND-2024-003)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-003 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-44988)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44988 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound...
WordPress Cookie Scanner plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Cookie Scanner (versions <= 1.1)...
Palo Alto Cortex XDR Agent Installed (Linux)
Binary data paloaltocortexxdragentunixinstalled.nbin...
Ubuntu 14.04 LTS : ConfigObj vulnerability (USN-7040-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7040-2 advisory. USN-7040-1 fixed a vulnerability in ConfigObj. This update provides the corresponding update for Ubuntu 14.04 LTS. Tenable has extracted the preceding description...
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-8038)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8038 advisory. aardvark-dns 2:1.10.1-2 - build off the RHEL maintenance branch - Resolves: RHEL-59129 buildah cockpit-podman conmon containernetworking-plugins...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2024-729)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-729 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However...
Oracle Linux 9 : podman (ELSA-2024-8039)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8039 advisory. - rebuild to address CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 Tenable has extracted the preceding description block directly from the Oracle Linux...
WordPress Cookie Scanner Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Cookie Scanner; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-49220; Patch priority: Low; CVSS severity: Low (7.1); PSID: 18da6e2fb5aa; Credits: SOPROBRO; Required...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2024-730)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-730 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-735)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-735 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...
Amazon Linux 2023 : liboath, liboath-devel, libpskc (ALAS2023-2024-722)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-722 advisory. oath-toolkit: Local root exploit in a PAM module CVE-2024-47191 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested...
Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3 (SVD-2024-1010)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1010 advisory. - In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user...
Fedora 40 : webkit2gtk4.0 (2024-9694c3eec0)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9694c3eec0 advisory. Update to 2.46.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Oracle Linux 9 : OpenIPMI (ELSA-2024-8037)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8037 advisory. - Update the patch for CVE-2024-42934 to add a missing upstream commit from 2.0.36: 663e3cd3 Tenable has extracted the preceding description block directly from...
Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3 (SVD-2024-1004)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1004 advisory. - In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the admin or power Splunk rol...