58847 matches found
Cisco Smart Licensing Utility (CSLU) Installed (Windows)
Binary data ciscosmartlicensingutilitywininstalled.nbin...
Intel Quartus Prime < 24.1 (INTEL-SA-01127)
The version of Intel Quartus Prime installed on the remote host is prior to 24.1. It is, therefore, affected by a vulnerability as referenced in the INTEL-SA-01127 advisory. - Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an...
Progress WS_FTP Server < 8.8.8 Multiple Vulnerabilities
The remote host is running a version of WS_FTP earlier than 8.8.8. It is, therefore, affected by multiple vulnerabilities: - In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor...
Oracle Linux 7 : libndp (ELSA-2024-4622)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4622 advisory. 1.2-10.0.1 - Increasing release number as per Oracle package release policy Tenable has extracted the preceding description block directly from the Oracle Linux...
AlmaLinux 8 : fence-agents (ALSA-2024:6309)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6309 advisory. - urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891) - pypa/setuptools: Remote code execution via downlo...
AlmaLinux 8 : resource-agents (ALSA-2024:6311)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6311 advisory. - urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891) - pypa/setuptools: Remote code execution via downlo...
Photon OS 4.0: Expat PHSA-2024-4.0-0682
An update of the expat package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0682. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Photon OS 5.0: Expat PHSA-2024-5.0-0364
An update of the expat package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0364. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Photon OS 4.0: Curl PHSA-2024-4.0-0682
An update of the curl package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0682. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6992-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6992-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
Oracle Linux 9 : bubblewrap / and / flatpak (ELSA-2024-6356)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6356 advisory. - Add support for --bind-fd and --ro-bind-fd CVE-2024-42472 flatpak - Backport upstream patches for CVE-2024-42472 Tenable has extracted the preceding descripti...
Oracle Linux 8 : nodejs:18 (ELSA-2024-6148)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6148 advisory. nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...
Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)
The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...
Vim < 9.1.0707 Buffer Overflow Vulnerability
According to its version, the version of Vim installed on the remote host is prior to 9.1.0707. It is, therefore, affected by a buffer overflow vulnerability. Patch v9.1.0038 optimized how the cursor position is calculated and in doing so introduced the possibility for heap-buffer-overflow when...
FileZilla < 3.67.0 Insecure Key Recovery Vulnerability (CVE-2024-31497)
The FileZilla application installed on the remote host is prior to 3.67.0. It is, therefore, affected by a key recovery vulnerability where biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. Note that Nessu...
OpenTelemetry Collector < 0.108.0 Authentication Bypass
The OpenTelemetry Collector running on the remote host is prior to 0.108.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
Cisco Smart Licensing Utility (CSLU) 2.x < 2.3.0 Multiple Vulnerabilities (cisco-sa-cslu-7gHMzWmw)
The version of Cisco Smart Licensing Utility (CSLU) installed on the remote Windows host is 2.x prior to 2.3.0. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system ...
CVE-2024-43405
Insight: CVE-2024-43405 affects ProjectDiscovery Nuclei. The issue is in the template signature verification (signer package), where a newline handling discrepancy between the signature verification and YAML parsing allows an attacker to craft templates that bypass digest verification and potenti...
CVE-2024-43405 Nuclei Template Signature Verification Bypass
Nuclei is a vulnerability scanner powered by YAML-based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...
Google Chrome < 128.0.6613.120 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 128.0.6613.120. It is, therefore, affected by multiple vulnerabilities as referenced in the 202409stable-channel-update-for-desktop advisory. - Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed...