SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.27 (SUSE-SU-2024:3455-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3455-1 advisory. - rebuild the package with the current go 1.23 security release bsc1229122. Tenable has extracted the preceding...
Microsoft Edge (Chromium) < 128.0.2739.97 / 129.0.2792.65 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 128.0.2739.97 / 129.0.2792.65. It is, therefore, affected by multiple vulnerabilities as referenced in the September 26, 2024 advisory. - Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowe...
Ubuntu 24.04 LTS : libcupsfilters vulnerability (USN-7044-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7044-1 advisory. Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to...
SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.24 (SUSE-SU-2024:3453-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3453-1 advisory. - rebuild the package with the current go 1.23 security release bsc1229122. Tenable has extracted the preceding...
GitLab 15.6 < 17.2.8 / 17.3 < 17.3.4 / 17.4 < 17.4.1 (CVE-2024-8974)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an...
CUPS cups-browsed Remote Unauthenticated Printer Registration (CVE-2024-47176)
Binary data cupsCVE-2024-47176.nbin...
Fedora 39 : chromium (2024-e60359f212)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e60359f212 advisory. Update to 129.0.6668.70 High CVE-2024-9120: Use after free in Dawn High CVE-2024-9121: Inappropriate implementation in V8 High CVE-2024-9122: Type...
Exploit for CVE-2024-9166
CVE-2024-9166 Vulnerability Scanner A Python-based tool to sca...
PowerPress Podcasting Plugin for WordPress 11.9.3 / 11.9.4 Injected Backdoor
The WordPress PowerPress Podcasting Plugin installed on the remote host is affected by an injected backdoor. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Pods Plugin for WordPress 3.2.3 Injected Backdoor
The WordPress Pods Plugin installed on the remote host is affected by an injected backdoor. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Apache OFBiz < 18.12.16 Remote Code Execution
Apache OFBiz versions prior to 18.12.16 suffer from a vulnerability that allows a remote, unauthenticated attacker to write arbitrary files to the target instance and achieve Remote Code Execution (RCE) on the vulnerable system. Note that this plugin requires the 'File Upload' assessment option enabled in...
JetBrains YouTrack Installed (Windows)
Binary data jetbrainsyoutrackwininstalled.nbin...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ConfigObj vulnerability (USN-7040-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7040-1 advisory. It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly u...
AlmaLinux 8 : git-lfs (ALSA-2024:7135)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:7135 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 Tenable...
Foxit PDF Editor for Mac < 2024.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 2024.3. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability...
Foxit PDF Reader for Mac < 2024.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Reader for Mac application (previously named Foxit Reader for Mac) installed on the remote macOS host is prior to 2024.3. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Th...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3444-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3444-1 advisory. - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. bsc1230076...
Apple iTunes < 12.13.3 Multiple Vulnerabilities (uncredentialed check)
The version of Apple iTunes installed on the remote Windows host is prior to 12.13.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 121328 advisory. - A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 f...
Apple iTunes < 12.13.3 Multiple Vulnerabilities (credentialed check)
The version of Apple iTunes installed on the remote Windows host is prior to 12.13.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 121328 advisory. - A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 f...
Oracle Linux 7 : firefox (ELSA-2024-5324)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-5324 advisory. 115.12.0-1.0.3 - Security fixes Orabug: 36904311 Orabug: 36948200 CVE-2024-6601 CVE-2024-6603 CVE-2024-6604 CVE-2024-7519 CVE-2024-7520 CVE-2024-7521...