Google Chrome < 127.0.6533.88 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 127.0.6533.88. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop30 advisory. - Insufficient data validation in Dawn in Google Chrome on Android prior to...

Photon OS 5.0: Python3 PHSA-2024-5.0-0334

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0334. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

OSGeo GeoServer Service Detection

Binary data osgeogeoserverservicedetect.nbin...

libexiv2 Installed (Linux / Unix)

Binary data libexiv2nixinstalled.nbin...

Dahua Security Cameras Improper Authentication (CVE-2017-9316)

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

Exiv2 Installed (Linux / Unix)

Binary data exiv2nixinstalled.nbin...

External Broken Resources Detected

Web applications heavily rely on external resources such as JavaScript files, Cascading Style Sheets CSS or images. When an application uses links which targets external resources which do not exist, an attacker could try gaining control over this resource to inject code in the target web...

FreeBSD : znc -- remote code execution vulnerability (8057d198-4d26-11ef-8e64-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8057d198-4d26-11ef-8e64-641c67a117d8 advisory. Mitre reports: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Tenable has...

PaperCut NG/MF < 22.1.3 Path Traversal

PaperCut NG and PaperCut MF versions prior to 22.1.3 on Windows is vulnerable to a path traversal allowing an unauthenticated attacker to read, write or delete arbitrary files and may also leads to remote code execution when external device integration is enabled. No source data...

Dify Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Dify instance on the target application. Dify is an open-source LLM app development platform. This detection is included in the AI and LLM category. No source data...

Facade Ignition < 2.5.2 Remote Code Execution

Facade Ignition is a customizable error page for Laravel applications running on Laravel 5.5 up to Laravel 8. It is the default error page for all Laravel 6 applications. Facade Ignition versions prior to 2.5.2 is is affected by a vulnerability allowing an unauthenticated attacker to obtain Remot...

Danswer Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Danswer instance on the target application. Danswer is the AI Assistant connected to your company's docs, apps, and people. This detection is included in the AI and LLM category. No source data...

AnythingLLM API Sensitive Information Disclosure

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...

Apple iOS < 16.7.9 Multiple Vulnerabilities (120908)

Binary data appleios1679check.nbin...

Apple iOS < 17.6 Multiple Vulnerabilities (120909)

Binary data appleios176check.nbin...

CBL Mariner 2.0 Security Update: python-idna / python-pip / python3 / tensorflow (CVE-2024-3651)

The version of python-idna / python-pip / python3 / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3651 advisory. - A vulnerability was identified in the kjd/idna library, specifically...

Fedora 40 : darkhttpd (2024-25f8e34407)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-25f8e34407 advisory. - Update to 1.16 fixes rhbz2259096 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

Photon OS 3.0: Vim PHSA-2022-3.0-0411

An update of the vim package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0411. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid20479...

CBL Mariner 2.0 Security Update: httpd (CVE-2024-40898)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40898 advisory. - SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTM...

OSGeo GeoServer Installed (Linux / Unix)

Binary data osgeogeoservernixinstalled.nbin...