FreeBSD : chromium -- multiple security fixes (e464f777-719e-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e464f777-719e-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 4 security fixes: Tenable has extracted the...
[SECURITY] Fedora 41 Update: clamav-1.0.7-1.fc41
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
SAP NetWeaver AS ABAP Multiple Vulnerabilities (3488039)
Multiple vulnerabilities may be present in SAP NetWeaver Application Server ABAP, including the following: - The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access informati...
FreeBSD : Gitlab -- vulnerabilities (bcc8b21e-7122-11ef-bece-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bcc8b21e-7122-11ef-bece-2cf05da270f3 advisory. Gitlab reports: Execute environment stop actions as the owner of the stop action job Prevent...
Ivanti Endpoint Manager - September 2024 Security Update
The version of Ivanti Endpoint Manager running on the remote host is lacking the September 2024 Hotfix or Security Update 6. It is, therefore, affected by multiple vulnerabilities: - An unspecified SQL injection in Ivanti EPM before the 2024 September update allows a remote authenticated attacker...
Fedora 40 : osc (2024-b11026f492)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b11026f492 advisory. New upstream release 1.9.1, fixes CVE-2024-22034 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
RHEL 7 : python3-setuptools (RHSA-2024:6661)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6661 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Citrix Workspace App for Windows Multiple Vulnerabilities (CTX691485)
The version of Citrix Workspace installed on the remote host is prior to 2402 LTSR CU1 or 2405. It is, therefore, affected by multiple vulnerabilities: - Local privilege escalation allows a low-privileged user to gain SYSTEM privileges Improper Control of a Resource Through its Lifetime CVE-2024-788...
Dell 2335dn printer Weak Password Requirements (CVE-2018-15748)
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers...
Sequelize Configuration File Detected
Sequelize is a promise-based Node.js ORM tool for database engines. Sequelize CLI uses by default a configuration file in 'config' directory to store the environment and database information. By accessing it, an attacker could leverage the vulnerability to gain unauthorized and privileged access...
Veeam Service Provider Console Installed (Windows)
Binary data veeamserviceproviderconsolewininstalled.nbin...
CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-33976)
The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-33976 advisory. - TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a...
GitLab 11.2 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-4660)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was...
GitLab 16.5 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-4472)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Security Updates for Microsoft SQL Server (September 2024) (Remote)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Fedora 40 : nextcloud (2024-296a0db958)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-296a0db958 advisory. 29.0.6 release RHBZ2305125 RHBZ2309499 fixes CVE-2024-39338 Tenable has extracted the preceding description block directly from the Fedora security advisory...
CBL Mariner 2.0 Security Update: shim / shim-unsigned-aarch64 / shim-unsigned-x64 (CVE-2023-40549)
The version of shim / shim-unsigned-aarch64 / shim-unsigned-x64 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40549 advisory. - An out-of-bounds read flaw was found in Shim due to the lack of...
CBL Mariner 2.0 Security Update: frr (CVE-2024-44070)
The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44070 advisory. - An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-42460)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42460 advisory. - In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing...