58847 matches found
Mozilla Firefox ESR < 115.15
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-41 advisory. - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were...
Gradio 4.3 < 4.13 Local File Read
Gradio versions 4.3 prior to 4.13 are vulnerable to an unauthenticated local file read by calling arbitrary methods of the Components class. This detection is included in the AI and LLM category. No source data...
Nginx HTTP API Module Unrestricted Access
The Nginx HTTP API Module provides a REST API for accessing various status information, configuring upstream server groups on-the-fly, and managing key-value pairs without the need of reconfiguring nginx. If these endpoints are accessible to an attacker, he can modify the configuration in place and, i...
Oracle Linux 9 : python-urllib3 (ELSA-2024-6162)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-6162 advisory. - Security fix for CVE-2024-37891 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...
AlmaLinux 9 : gvisor-tap-vsock (ALSA-2024:6187)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:6187 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block direct...
EulerOS Virtualization 2.12.1 : gnutls (EulerOS-SA-2024-2306)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem...
Oracle Linux 9 : krb5 (ELSA-2024-6166)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6166 advisory. 1.21.1-2.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.21.1-2 - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message tok...
Mozilla Firefox ESR < 115.15
The version of Firefox ESR installed on the remote Windows host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-41 advisory. - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the...
Oracle Linux 9 : python3.9 (ELSA-2024-6163)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6163 advisory. - Security fix for CVE-2024-8088 Resolves: RHEL-55968 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
Mozilla Firefox < 130.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 130.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-39 advisory. - Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we...
Slackware Linux 15.0 / current seamonkey Vulnerability (SSA:2024-247-02)
The version of seamonkey installed on the remote host is prior to 2.53.19. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-247-02 advisory. New seamonkey packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Ubuntu 14.04 LTS : Drupal vulnerabilities (USN-6981-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6981-2 advisory. USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Tenable has extracted the preceding...
EulerOS Virtualization 2.12.0 : mod_http2 (EulerOS-SA-2024-2331)
According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...
SUSE SLED15: kernel-firmware / kernel-firmware-all / kernel-firmware-amdgpu / etc (SUSE-SU-2024:3081-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3081-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM...
LiteSpeed Cache Plugin for WordPress < 6.4 Privilege Escalation
The WordPress LiteSpeed Cache Plugin installed on the remote host is affected by an unauthenticated Privilege Escalation. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Intel Quartus Prime Installed (Windows)
Binary data intelquartusprimewininstalled.nbin...
Siemens LOGO! V8.3 BM Devices Plaintext Storage of a Password (CVE-2024-39922)
LOGO! V8.3 BM incl. SIPLUS variants devices contain a plaintext storage of a password vulnerability. This could allow an attacker with physical access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM...
Fedora 40 : vim (2024-bb4b6da0b6)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb4b6da0b6 advisory. patchlevel 703 Security fixes for CVE-2024-43374, CVE-2024-43802 Tenable has extracted the preceding description block directly from the Fedora...
MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner', 'Description' = %q This module is based on et's HTTP Directory Scanner module, with...
Snowflake API Settings
Binary data snowflakesettings.nbin...