Lucene search

58847 matches found

Tenable Nessus
added 2024/09/10 12:0 a.m. | 34 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

CVSS 9.8 | AI score 8.4 | EPSS 0.3763
Exploits 13 | References 119

Tenable Nessus
added 2024/09/09 12:0 a.m. | 9 views

CKEditor < 4.24.0-LTS Multiples Cross-Site Scripting

According to its self-reported version number, the CKEditor application running on the remote host is prior to 4.24.0-LTS. It is, therefore, affected by multiples Cross-Site-Scripting : - In samples that are shipped with production code. The vulnerability allowed to execute JavaScript code by...

CVSS 6.1 | AI score 7.5 | EPSS 0.01652
Exploits 1 | References 4

Tenable Nessus
added 2024/09/09 12:0 a.m. | 10 views

Postman Installed (Windows)

Binary data postmanwininstalled.nbin...

AI score 7.3
Exploits 0 | References 1

Tenable Nessus
added 2024/09/09 12:0 a.m. | 15 views

CKEditor < 5.35.0.1 Cross-Site Scripting

According to its self-reported version number, the CKEditor application running on the remote host is prior to 5.35.0.1. It is, therefore, affected by a Cross-Site-Scripting after fulfilling special conditions. Note that the scanner has not tested for these issues but has instead relied only on t...

CVSS 5.8 | AI score 7.3 | EPSS 0.00579
Exploits 0 | References 2

Tenable Nessus
added 2024/09/09 12:0 a.m. | 14 views

CKEditor < 4.25.0-LTS Multiples Cross-Site Scripting

According to its self-reported version number, the CKEditor application running on the remote host is prior to 4.25.0-LTS or 4.22.x prior to 4.25.0-LTS. It is, therefore, affected by multiples Cross-Site-Scripting : - In CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected...

CVSS 6.1 | AI score 6.5 | EPSS 0.00424
Exploits 0 | References 4

Tenable Nessus
added 2024/09/09 12:0 a.m. | 11 views

Oracle Linux 9 : glib2 (ELSA-2024-6464)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6464 advisory. - Fix CVE-2024-34397, signal subscription vulnerabilities Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

CVSS 5.2 | AI score 6.4 | EPSS 0.00763
Exploits 1 | References 2

Tenable Nessus
added 2024/09/09 12:0 a.m. | 8 views

HCLTech Domino SEoL (11.0.x)

According to its version, HCLTech Domino is 11.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

AI score 5.5
Exploits 0 | References 1

Tenable Nessus
added 2024/09/09 12:0 a.m. | 31 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-083)

The version of kernel installed on the remote host is prior to 5.4.282-194.378. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-083 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-12: CVE-2024-44944 was added to this...

CVSS 7.8 | AI score 6.5 | EPSS 0.0032
Exploits 0 | References 12

Tenable Nessus
added 2024/09/09 12:0 a.m. | 17 views

Oracle Linux 7 : qt5-qtbase (ELSA-2024-4647)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4647 advisory. 5.9.7-5.0.1 - Backport fix for CVE-2024-39936 Orabug: 36904373 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 8.6 | AI score 7.8 | EPSS 0.00494
Exploits 0 | References 2

Tenable Nessus
added 2024/09/09 12:0 a.m. | 35 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.423)

The version of AHV installed on the remote host is prior to 20220304.423. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.423 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via...

CVSS 8.8 | AI score 8 | EPSS 0.59501
Exploits 3 | References 4

Tenable Nessus
added 2024/09/09 12:0 a.m. | 53 views

Citrix Workspace App for Windows Privilege Escalation (CTX678036)

The version of Citrix Workspace installed on the remote host is prior to 2203.1 LTSR CU6 Hotfix 2, 2402 LTSR or 2403.1. It is, therefore, affected by a privilege escalation vulnerability as referenced in the CTX678036 advisory. - Local Privilege escalation allows a low-privileged user to gain...

CVSS 8.5 | AI score 7.3 | EPSS 0.00386
Exploits 0 | References 2

Tenable Nessus
added 2024/09/09 12:0 a.m. | 16 views

Amazon Linux 2023 : docker (ALAS2023-2024-711)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-711 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

CVSS 9.8 | AI score 7.5 | EPSS 0.01952
Exploits 0 | References 4

Tenable Nessus
added 2024/09/09 12:0 a.m. | 14 views

Amazon Linux 2023 : microcode_ctl (ALAS2023-2024-712)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-712 advisory. Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-22374 Tenable has extracted the...

CVSS 6.8 | AI score 5.4 | EPSS 0.00161
Exploits 0 | References 4

Tenable Nessus
added 2024/09/09 12:0 a.m. | 73 views

Nexans FTTO GigaSwitch Backdoor Account (CVE-2022-32985)

libnxapl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 9.8 | AI score 7.3 | EPSS 0.01073
Exploits 3 | References 3

Tenable Nessus
added 2024/09/09 12:0 a.m. | 26 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-069)

The version of kernel installed on the remote host is prior to 5.10.224-212.876. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-069 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...

CVSS 7.8 | AI score 6.7 | EPSS 0.0032
Exploits 3 | References 18

Tenable Nessus
added 2024/09/09 12:0 a.m. | 24 views

Amazon Linux 2023 : runc (ALAS2023-2024-710)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-710 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

CVSS 9.8 | AI score 7.5 | EPSS 0.01952
Exploits 0 | References 4

Tenable Nessus
added 2024/09/09 12:0 a.m. | 13 views

Nutanix AHV : (NXSA-AHV-20220304.392)

The version of AHV installed on the remote host is prior to 20220304.392. It is, therefore, affected by a vulnerability as referenced in the NXSA-AHV-20220304.392 advisory. - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header...

CVSS 9.8 | AI score 7.4 | EPSS 0.1593
Exploits 1 | References 2

Tenable Nessus
added 2024/09/09 12:0 a.m. | 24 views

Amazon Linux 2 : microcode_ctl (ALAS-2024-2631)

The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2631 advisory. Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable deni...

CVSS 6.8 | AI score 5.5 | EPSS 0.00161
Exploits 0 | References 4

Tenable Nessus
added 2024/09/08 12:0 a.m. | 44 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Vulnerability (NS-SA-2024-1001)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected by a vulnerability: - openssh: A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals i...

CVSS 9.3 | AI score 7.2 | EPSS 0.99506
Exploits 68 | References 3

Tenable Nessus
added 2024/09/08 12:0 a.m. | 58 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : openssh Vulnerability (NS-SA-2024-1002)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssh packages installed that are affected by a vulnerability: - openssh: A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals i...

CVSS 9.3 | AI score 7.2 | EPSS 0.99506
Exploits 68 | References 3