Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerabilities (USN-7015-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7015-2 advisory. USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2...
SUSE SLES15 Security Update : python3 (SUSE-SU-2024:3302-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3302-1 advisory. - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-7592: Fixed Email...
Docker Desktop < 4.34.2 Multiple Vulnerabilities
The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...
Amazon Linux 2 : python2-setuptools (ALAS-2024-2632)
The version of python2-setuptools installed on the remote host is prior to 41.2.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2632 advisory. A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution vi...
SolarWinds ARM 2024.3.1 Multiple Vulnerabilities (2024-3-1)
The version of SolarWinds ARM installed on the remote host is prior to 2024.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-3-1 advisory. - SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. ...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2024-053 (ALASKERNEL-5.15-2024-053)
The version of kernel installed on the remote host is prior to 5.15.162-107.160. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-053 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the functi...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2024-085 (ALASKERNEL-5.4-2024-085)
The version of kernel installed on the remote host is prior to 5.4.283-195.378. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-085 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MM...
Amazon Linux 2 : kernel (ALAS-2024-2633)
The version of kernel installed on the remote host is prior to 4.14.336-257.566. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2633 advisory. 2024-12-05: CVE-2024-26687 was added to this advisory. In the Linux kernel, the following vulnerability has been...
Amazon Linux 2 : ruby (ALAS-2024-2634)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2634 advisory. ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281). Tenable has extracted the preceding description block directly...
Amazon Linux 2 : microcode_ctl (ALAS-2024-2635)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2635 advisory. 2024-10-10: CVE-2024-22374 was added to this advisory. Improper isolation in some Intel(R) Processors stream cache...
Amazon Linux 2 : ruby (ALAS-2024-2637)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2637 advisory. A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using...
MLflow Registry Enumeration
Binary data mlflowregistryenumeration.nbin...
Oracle Linux 8 : pcs (ELSA-2024-6670)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6670 advisory. 0.10.18-2.0.1.el8_10.2 - Replace HAM-logo.png with a generic one 0.10.18-2.el8_10.2 - Updated rubygem rexml Resolves: RHEL-52409, RHEL-52788, RHEL-55997...
Next.js < 14.1.1 Server Actions Server-Side Request Forgery
Next.js versions from 13.4 (inclusive) up to, but not including, 14.1.1 suffer from a Server-Side Request Forgery (SSRF) when using Server Actions that perform a redirection to a relative path starting with '/'. By leveraging this vulnerability, a remote and unauthenticated attacker can forge an arbitrary 'Host' header an...
Service Worker Detected
This is an informational plugin to inform the user that the scanner has detected the usage of Service Worker on the target web application. No source data...
MLFlow < 2.12.1 File Deletion
A broken access control vulnerability exists in mlflow/mlflow versions before 2.12.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...
openSUSE 15 Security Update : htmldoc (openSUSE-SU-2024:0303-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0303-1 advisory. - CVE-2024-45508: Fixed an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only...
Amazon Linux AMI : microcode_ctl (ALAS-2024-1946)
The version of microcode_ctl installed on the remote host is prior to 2.1-47.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1946 advisory. Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable...
Photon OS 3.0: Python3 PHSA-2024-3.0-0795
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0795. The text itself is copyright (C) VMware, Inc.