CBL Mariner 2.0 Security Update: krb5 (CVE-2024-37370)
The version of krb5 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37370 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a...
CBL Mariner 2.0 Security Update: curl (CVE-2024-0853)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-36288)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36288 advisory. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition i...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2024-686)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-686 advisory. .NET Core and Visual Studio Denial of Service Vulnerability CVE-2024-30105 .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-35264 .NET and Visual Studio Denial of Service...
CBL Mariner 2.0 Security Update: qemu (CVE-2022-36648)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36648 advisory. - The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier,...
CBL Mariner 2.0 Security Update: qemu / qemu-kvm (CVE-2021-4206)
The version of qemu / qemu-kvm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4206 advisory. - A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc...
SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2024:2732-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2732-1 advisory. - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549) - CVE-2024-41810: Fixed...
CBL Mariner 2.0 Security Update: cmake / curl / mysql (CVE-2024-2398)
The version of cmake / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2398 advisory. - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-39482)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39482 advisory. - In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse ...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2024-697)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-697 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. 2024-08-09: CVE-2023-47108 was removed from this advisory. 2024-08-09: The severity of this advisory has been changed from Important to...
Oracle JDeveloper DoS (July 2024 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a denial of service vulnerability as referenced in the July 2024 CPU advisory. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle...
GeoServer Jai-EXT RCE (CVE-2022-24816)
Binary data geoserverjaiextCVE-2022-24816.nbin...
CBL Mariner 2.0 Security Update: terraform (CVE-2024-6257)
The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6257 advisory. - HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified...
Security Vulnerabilities fixed in Firefox for iOS 129 — Mozilla
Long pressing on a download link could potentially provide a means for cross-site scripting The contextual menu for links could provide an opportunity for cross-site scripting attacks When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to...
Photon OS 3.0: Runc PHSA-2024-3.0-0775
An update of the runc package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0775. The text itself is copyright (C) VMware, Inc.
Fedora 40 : chromium (2024-3a1a0a664e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a1a0a664e advisory. update to 127.0.6533.88 Critical CVE-2024-6990: Uninitialized Use in Dawn High CVE-2024-7255: Out of bounds read in WebTransport High CVE-2024-7256:...
SUSE SLES12 Security Update : patch (SUSE-SU-2024:2704-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2704-1 advisory. - CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721) Tenable has extracted the preceding description block directly from the SUS...
Photon OS 4.0: Python3 PHSA-2024-4.0-0662
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0662. The text itself is copyright (C) VMware, Inc.
Fedora 40 : hostapd / wpa_supplicant (2024-73626281d8)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-73626281d8 advisory. Update to upstream version 2.11. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Progress MOVEit Transfer < 2023.0.12 / 2023.1 < 2023.1.7 / 2024.0 < 2024.0.3 Privilege Escalation
Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. Note that Nessus has not tested for these issues but has...