OSGeo GeoTools RCE (CVE-2024-36404)
The version of OSGeo GeoTools installed on the remote host is affected by a remote code execution vulnerability, as follows: - Remote Code Execution is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Note that Nessus has not...
WordPress < 6.6.1
WordPress versions < 6.6.1 are affected by one or more vulnerabilities. CVE IDs listed by the plugin: CVE-2024-31111, CVE-2024-31210,...
OSGeo GeoServer RCE (CVE-2024-36401)
The version of OSGeo GeoServer installed on the remote host is affected by a remote code execution vulnerability, as follows: - Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to...
ManageEngine OpManager SQLi (CVE-2024-6748)
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
How Cyberthreats Could Disrupt the Olympics
Introduction Cybersecurity experts are on high alert, as the 2024 Olympic Games continue over the coming weeks. Historically, the Olympics have been a prime target for cybercriminals, state-sponsored actors, and hacktivists. The convergence of global attention, vast amounts of sensitive data, and...
Danswer Unauthenticated Access
By default, Danswer does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category. No source data...
Windows System Driver Enumeration (Windows)
Binary data wmienumkerneldrivers.nbin...
LOLDriver Detection (Windows)
Binary data loldriversdetectwin.nbin...
Microsoft Edge (Chromium) < 127.0.2651.86 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 127.0.2651.86. It is, therefore, affected by multiple vulnerabilities as referenced in the August 1, 2024 advisory. - Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attack...
FreeBSD : chromium -- multiple security fixes (15d398ea-4f73-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 15d398ea-4f73-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 3 security fixes: Tenable has extracted the...
Ubuntu 24.04 LTS : Python vulnerability (USN-6941-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6941-1 advisory. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered private or globally reachable. Th...
Fedora 40 : kernel (2024-873e2cb5f2)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-873e2cb5f2 advisory. The 6.9.12 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...
Slackware Linux 15.0 / current curl Vulnerability (SSA:2024-213-01)
The version of curl installed on the remote host is prior to 8.9.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-213-01 advisory. New curl packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding description...
Fedora 39 : xdg-desktop-portal-hyprland (2024-295a735fbc)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-295a735fbc advisory. Update to 1.3.3 https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3 Tenable has extracted the preceding description block directly from...
Fedora 40 : chromium (2024-141c438daf)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-141c438daf advisory. - fix crash on ppc64le Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
System Asset Info Enumeration (Linux / Unix)
Binary data linuxassetinfoenum.nbin...
SUSE SLED15: gnome-extensions / gnome-shell / gnome-shell-calendar / etc (SUSE-SU-2024:2618-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2618-1 advisory. - CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567) Tenable...
RHEL 7 : httpd (RHSA-2024:4943)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4943 advisory. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the...
Photon OS 5.0: Mysql PHSA-2024-5.0-0335
An update of the mysql package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0335. The text itself is copyright (C) VMware, Inc....
Fedora 40 : curl (2024-a7976ba89f)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a7976ba89f advisory. - fix freeing stack buffer in utf8asn1str (CVE-2024-6197) Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...