SUSE SLED15: gio-branding-upstream / glib2-devel / glib2-devel-32bit / etc (SUSE-SU-2024:3086-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3086-1 advisory. - Fixed a possible use after free regression introduced by CVE-2024-34397 patch bsc1224044. Tenable has...
SUSE SLES15: frr / frr-devel / libfrr0 / libfrr_pb0 / libfrrcares0 / etc (SUSE-SU-2024:3090-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3090-1 advisory. - CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgpattrencap bsc1229438 Tenable has extracted the preceding...
AlmaLinux 9 : runc (ALSA-2024:6188)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:6188 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block direct...
GHSA-JFVP-7X6P-H2PV vulnerabilities
Vulnerabilities for packages: podman, k8s-device-plugin, grafana-alloy, docker, syft, buildah, kubernetes, grype, opentelemetry-collector-contrib, neuvector-scanner, runc, cadvisor, ctop, k3s...
CVE-2024-45310 vulnerabilities
Vulnerabilities for packages: podman, k8s-device-plugin, grafana-alloy, docker, syft, buildah, kubernetes, grype, opentelemetry-collector-contrib, neuvector-scanner, runc, cadvisor, ctop, k3s...
Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner
The significance of cybersecurity in today’s world cannot be overstated. Businesses are constantly exposed to evolving threats that challenge their infrastructure. Organizations deploy various security solutions to combat these risks, including agents installed on their servers, endpoints, and...
Laravel Horizon Unrestricted Access
Laravel Horizon is a Laravel package that provides a dashboard for managing application jobs and queues. If an attacker gains access to this interface, it is possible to stop/delete jobs or retrieve sensitive data contained in job information.
Gradio Unauthenticated Access
By default, Gradio does not require authentication to access the application. This allows an attacker to access sensitive data. This detection is included in the AI and LLM category.
FCKEditor Unsupported Version
The installation of FCKEditor detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Gradio Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is software for building machine learning apps in Python. This detection is included in the AI and LLM category.
Laravel Pulse Unrestricted Access
Laravel Pulse is a Laravel package that provides information about application performance. If an attacker gains access to this dashboard, he can retrieve sensitive information, notably from stack traces or endpoints.
Ivanti Virtual Traffic Manager Authentication Bypass
Ivanti Virtual Traffic Manager vTM versions before 22.2R1 and 22.x 22.7R2 suffer from an authentication bypass vulnerability. By exploiting this vulnerability, a remote and unauthenticated attacker can access the administration panel and perform arbitrary modifications on the affected instance. ...
Nginx+ Dashboard Unrestricted Access
Nginx Plus is a proprietary solution from F5 built on top of Nginx and featuring a dashboard called "Live Activity Monitoring". When accessible without authentication, it may contain sensitive information that can be used by an attacker.
Laravel Telescope Unrestricted Access
Laravel Telescope provides an overview of requests entering your application, exceptions, log entries, database queries, pending tasks, mail, notifications, cache operations, scheduled tasks, variable flushes and much more. If an attacker gains access to this dashboard, it would be possible to...
LiteSpeed Cache Plugin for WordPress < 6.4 Privilege Escalation
The WordPress LiteSpeed Cache Plugin installed on the remote host is affected by an unauthenticated Privilege Escalation. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Gradio 4.3 < 4.13 Local File Read
Gradio versions 4.3 prior to 4.13 are vulnerable to an unauthenticated local file read by calling arbitrary methods of the Components class. This detection is included in the AI and LLM category.
Nginx HTTP API Module Unrestricted Access
Nginx HTTP API Module provides a REST API for accessing various status information, configuring upstream server groups on-the-fly, and managing key-value pairs without the need of reconfiguring nginx. If these endpoints are accessible to an attacker, he can modify the configuration in place and, i...
Ubuntu 14.04 LTS : Drupal vulnerabilities (USN-6981-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6981-2 advisory. USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Tenable has extracted the preceding...
SUSE SLED15: kernel-firmware / kernel-firmware-all / kernel-firmware-amdgpu / etc (SUSE-SU-2024:3081-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3081-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that led to modification of SMM...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-247-01)
The version of mozilla-firefox installed on the remote host is prior to 115.15.0esr / 128.2.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-247-01 advisory. New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues...