58841 matches found
Fedora 40 : thunderbird (2024-5b8cfa7937)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5b8cfa7937 advisory. Update to 128.3.1 https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/ ---- Update to 128.3.0...
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for python-requests (SUSE-SU-SUSE-RU-2024:3600-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:3600-1 advisory. This update for python-requests fixes the following issue: - Update CVE-2024-35195.patch to allow...
JetBrains TeamCity < 2024.7.3 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2024.7.3. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API CVE-2024-47161 - In JetBrains TeamCity before 2024.07.3 path...
Security Update for Microsoft .NET Core SDK (October 2024)
The version of .NET Core SDK installed on the remote host is 6.x prior to 6.0.35 or 8.x prior to 8.0.10. It is, therefore, affected by denial of service vulnerability as referenced in the October 2024 advisory: - .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability...
HP Hotkey Support Installed (Windows)
Binary data hphotkeysupportinstalled.nbin...
GitLab 11.4 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-5005)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Key...
Siemens JT2Go < 2406.0003 Buffer Overflow (SSA-626178)
The version of Siemens JT2Go installed on the remote host is prior to 2406.0003. It is, therefore, affected by a stack-based buffer overflow vulnerability as referenced in the SSA-626178 advisory that could be triggered while parsing specially crafted PDF files. This could allow an attacker to...
Progress Telerik UI for WinForms < 2024.3.924 Command Injection
The version of Progress Telerik UI for WinForms installed on the remote host is prior to 2024.3.924. It is, therefore, affected by a vulnerability as referenced in the cve-2024-7679 advisory. - In Progress Telerik UI for WinForms versions prior to 2024 Q3 2024.3.924, a command injection attack is...
CBL Mariner 2.0 Security Update: unbound (CVE-2024-43167)
The version of unbound installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43167 advisory. - DISPUTE NOTE: this issue does not pose a security risk as it according to analysis by the original software...
Security Update for Microsoft Visual Studio Code (October 2024)
The version of Microsoft Visual Studio Code installed on the remote Linux host is prior to 1.94.1. It is, therefore, affected by a remote code execution vulnerability. A remote attacker can use this to execute arbitrary commands. Note that Nessus has not tested for this issue but has instead reli...
Security Updates for Microsoft Office Products C2R (October 2024)
The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Microsoft Office is affected by a remote code execution vulnerability. CVE-2024-43576 - Microsoft Office is affected by a remote code execution vulnerability. CVE-2024-43616...
Security Update for Microsoft Power BI Report Server (October 2024)
The Microsoft Power BI Report Server on the remote host is missing the October 2024 security update. It is, therefore, affected by a server spoofing vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Photon OS 4.0: Nano PHSA-2024-4.0-0699
An update of the nano package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0699. The text itself is copyright (C) VMware, Inc.
Ivanti Connect Secure 9.1Rx < 9.1R18.9 / 22.x < 22.7R2.1 RCE
The Ivanti Connect Secure installed on the remote host is 9.1Rx prior to 9.1R18.9, 22.x prior to 22.7R2.1. It is, therefore, affected by a remote code execution vulnerability due to improper input validation in the admin portal. Note that Nessus has not tested for this issue but has instead relie...
CBL Mariner 2.0 Security Update: unbound (CVE-2024-33655)
The version of unbound installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-33655 advisory. - The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service resource...
Ivanti Policy Secure 22.x < 22.7R1.1 RCE
The Ivanti Policy Secure installed on the remote host is prior to 22.7R1.1. It is, therefore, affected by a remote code execution vulnerability due to improper input validation in the admin portal. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2024-0132)
The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0132 advisory. - NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU)...
Fedora 40 : koji (2024-7ee01adadc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7ee01adadc advisory. Update to 1.35.1. Includes fix for CVE-2024-9427 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Juniper Junos OS Vulnerability (JSA88132)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88132 advisory. - An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker ...
GitLab 8.16 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-9623)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys ...