WordPress Plugin 'GiveWP - Donation Plugin and Fundraising Platform' < 3.14.2 RCE
The WordPress application running on the remote host has a version of the 'GiveWP - Donation Plugin and Fundraising Platform' plugin that is prior to 3.14.2. It is, therefore, affected by a remote code execution vulnerability. Deserialization of malicious PHP objects injected through the...
EulerOS Virtualization 2.11.0 : expat (EulerOS-SA-2024-2191)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via...
EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2024-2244)
According to the versions of the mod_http2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a clien...
RHEL 8 : kpatch-patch-4_18_0-553 (RHSA-2024:5522)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:5522 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch...
CBL Mariner 2.0 Security Update: bind / dhcp (CVE-2024-1975)
The version of bind / dhcp installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1975 advisory. - If a server hosts a zone containing a KEY Resource Record, or a resolver DNSSEC-validates a KEY Resource...
EulerOS Virtualization 2.10.1 : sssd (EulerOS-SA-2024-2149)
According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to...
CBL Mariner 2.0 Security Update: qt5-qtbase (CVE-2024-39936)
The version of qt5-qtbase installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39936 advisory. - An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before...
CBL Mariner 2.0 Security Update: grpc / keras / mysql / protobuf / pytorch (CVE-2022-1941)
The version of grpc / keras / mysql / protobuf / pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1941 advisory. - A parsing vulnerability for the MessageSet type in the ProtocolBuffers...
Apple iTunes < 12.12.9 Multiple Vulnerabilities (credentialed check)
The version of Apple iTunes installed on the remote Windows host is prior to 12.12.9. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213763 advisory. - A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be...
Apple iTunes < 12.12.9 Multiple Vulnerabilities (uncredentialed check)
The version of Apple iTunes installed on the remote Windows host is prior to 12.12.9. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213763 advisory. - A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be...
CBL Mariner 2.0 Security Update: xorg-x11-server (CVE-2024-31083)
The version of xorg-x11-server installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31083 advisory. - A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This...
CBL Mariner 2.0 Security Update: bind (CVE-2024-4076)
The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4076 advisory. - Client queries that trigger serving stale data and that also require lookups in local authoritative zone data M...
CBL Mariner 2.0 Security Update: libtiff (CVE-2024-7006)
The version of libtiff installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7006 advisory. - A null pointer dereference flaw was found in Libtiff via tif_dirinfo.c. This issue may allow an attacker to...
CBL Mariner 2.0 Security Update: cert-manager / helm (CVE-2024-25620)
The version of cert-manager / helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25620 advisory. - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources...
CBL Mariner 2.0 Security Update: bind / dhcp (CVE-2024-1737)
The version of bind / dhcp installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1737 advisory. - Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2024-704)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-704 advisory. ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory address read vulnerability with Regex search CVE-2024-27282 Tenable has extracted the preceding descripti...
CBL Mariner 2.0 Security Update: xorg-x11-server (CVE-2024-31080)
The version of xorg-x11-server installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31080 advisory. - A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents...
FreeBSD : electron31 -- multiple vulnerabilities (e61af8f4-455d-4f99-8d81-fbb004929dab)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e61af8f4-455d-4f99-8d81-fbb004929dab advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2024:2949-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2949-1 advisory. - CVE-2024-40776: Fixed a use-after-free issue with improved memory management bsc1228613. - CVE-2024-40779: Fixed an out-of-bounds...
Amazon Linux 2 : ca-certificates (ALAS-2024-2607)
The version of ca-certificates installed on the remote host is prior to 2023.2.68-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2607 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while...