OpenTelemetry Collector < 0.107.0 Timing Discrepancy
The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured...
F5 Networks BIG-IP : Apache HTTP server vulnerability (K000140693)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140693 advisory. Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules ...
IBM WebSphere Application Server Liberty 17.0.0.3 < 24.0.0.9 Information Disclosure (7165502)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by an information disclosure vulnerability as referenced in the 7165502 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network ...
Fedora 39 : roundcubemail (2024-b60eb661a4)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b60eb661a4 advisory. Version 1.6.8 - Managesieve: Protect special scripts in managesieve_kolab_master mode - Fix newmail_notifier notification focus in Chrome 9467 - Fix...
ManageEngine ADAudit Plus < Build 8110 Multiple Vulnerabilities
The version of ManageEngine ADAudit Plus installed on the remote host is prior to build 8110. It is, therefore, affected by multiple vulnerabilities. - Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option...
CVE-2024-3104
creationtimestamp | type | source
---|---|---
2024-08-14 16:35:18+00:00 | published-proof-of-concept | https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/anythingllmcve20243104...
RHEL 8 : krb5 (RHSA-2024:5312)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5312 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
RHEL 8 : wget (RHSA-2024:5299)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:5299 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
Oracle Linux 9 : thunderbird (ELSA-2024-5392)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-5392 advisory. 115.14.0-1.0.1 - Add Oracle prefs 115.14.0 - Add OpenELA debranding 115.14.0-1 - Update to 115.14.0 build1 Tenable has extracted the preceding...
RHEL 8 : grafana (RHSA-2024:5291)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5291 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net:...
Ivanti Virtual Traffic Manager (vTM) Web Interface Detection
Binary data ivantivirtualtrafficmanagerwebdetect.nbin...
Adobe Photoshop 24.x < 24.7.4 / 25.x < 25.11 Vulnerability (macOS APSB24-49)
The version of Adobe Photoshop installed on the remote macOS or Mac OS X host is prior to 24.7.4/25.11. It is, therefore, affected by a vulnerability as referenced in the apsb24-49 advisory. - Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability tha...
Canonical Snapcraft Packages Installed (Linux)
Binary data canonicalsnapcraftpackagesnixinstalled.nbin...
Security Updates for Azure CycleCloud (August 2024)
The Azure CycleCloud product is missing security updates. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exists due to a disclosure of the storage credentials. An authenticated, remote attacker can exploit this to bypass authentication and...
Adobe Bridge 13.x < 13.0.9 / 14.x < 14.1.2 Multiple Vulnerabilities (APSB24-59)
The version of Adobe Bridge installed on the remote Windows host is prior to 13.0.9 or 14.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-59 advisory. - Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that cou...
AlmaLinux 9 : 389-ds-base (ALSA-2024:5192)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5192 advisory. 389-ds-base: Malformed userPassword hash may cause Denial of Service CVE-2024-5953 389-ds-base: unauthenticated user can trigger a DoS by sending a specif...
Adobe Illustrator < 27.9.5 / 28.0 < 28.6 Multiple Vulnerabilities (APSB24-45)
The version of Adobe Illustrator installed on the remote Windows host is prior to 27.9.5, 28.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-45 advisory. - Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that...
KB5041782: Windows 10 LTS 1507 Security Update (August 2024)
The remote Windows host is missing security update 5041782. It is, therefore, affected by multiple vulnerabilities - A buffer overflow was found in grub_font_construct_glyph. A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than neede...
KB5041580: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (August 2024)
The remote Windows host is missing security update 5041580. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...
Adobe Bridge 13.x < 13.0.9 / 14.x < 14.1.2 Multiple Vulnerabilities (APSB24-59)
The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 13.0.9 or 14.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-59 advisory. - Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerabilit...