CBL Mariner 2.0 Security Update: tpm2-tools (CVE-2024-29039)

The version of tpm2-tools installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29039 advisory. - tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows...

Fedora 40 : suricata (2024-7fc32da8ad)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7fc32da8ad advisory. New bugfix and security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 40 : gtk3 (2024-145e88df1c)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-145e88df1c advisory. Update to 3.24.43 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 39 : fluent-bit (2024-f3c8d05888)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f3c8d05888 advisory. Update to 3.0.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CBL Mariner 2.0 Security Update: tpm2-tools (CVE-2024-29038)

The version of tpm2-tools installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29038 advisory. - tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker c...

Fedora 40 : botan2 (2024-7f42bafbdb)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7f42bafbdb advisory. Rebase to v2.19.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Ignite Realtime Openfire Admin Console Detection

Binary data openfiredetect.nbin...

Hierarchical Data Format HDF5 File Detection for Linux/UNIX

Binary data detectmodelfileshdf5.nbin...

AlmaLinux 9 : libndp (ALSA-2024:4636)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4636 advisory. libndp: buffer overflow in route information length field CVE-2024-5564 Tenable has extracted the preceding description block directly from the AlmaLinux security...

Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-4563)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4563 advisory. 1.8.0.422.b05-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.422.b05-1.1 - Update to shenandoah-jdk8u422-b05 GA - Update release notes...

Ivanti Endpoint Manager - July 2024 Security Update

The version of Ivanti Endpoint Manager running on the remote host lacking the July 2024 Hotfix. It is, therefore, affected by an unspecified SQL Injection vulnerability in the Core server of Ivanti EPM 2024 flat that allows an authenticated attacker within the same network to execute arbitrary...

Ricoh MFP and Printer Products Buffer Overflow (ricoh-2024-000008)

The remote Ricoh MFP or printer is affected by a buffer overflow: - There is a possibility of a denial of service DoS attack or partial data destruction caused by a remote attacker. No arbitrary code can be executed. CVE-2024-39927 %NASLMINLEVEL 80900 C Tenable Network Security, Inc...

Atlassian Confluence 7.19.23 < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96103)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96103 advisory. - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory erro...

AlmaLinux 9 : qt5-qtbase (ALSA-2024:4623)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4623 advisory. qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 Tenable has extracted the preceding description block directly from the...

ManageEngine OpManager XSS (CVE-2024-38870)

A cross-side scripting vulnerability exists in the configured proxy server for ManageEngine OpManager 12.8.103 and below, 12.8.151 to 12.8.237, or 12.8.247 to 12.8.249. A stored XSS vulnerability was discovered in Schedule reports. Note that Nessus has not tested for this issue but has instead...

AlmaLinux 8 : libndp (ALSA-2024:4620)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4620 advisory. libndp: buffer overflow in route information length field CVE-2024-5564 Tenable has extracted the preceding description block directly from the AlmaLinux security...

Atlassian Confluence 7.19.23 < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96100)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96100 advisory. - When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This...

SolarWinds ARM < 2024.3 (arm_2024_3)

The version of SolarWinds ARM installed on the remote host is prior to 2024.3. It is, therefore, affected by multiple vulnerabilities as referenced in the arm2024-3 advisory, including the following: - The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution...

AlmaLinux 8 : qt5-qtbase (ALSA-2024:4617)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4617 advisory. qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 Tenable has extracted the preceding description block directly from the...

Qlik Sense Enterprise Path Traversal

Qlik Sense Enterprise for Windows is affected by a Path Traversal as well as an HTTP Request Smuggling, under specific conditions, the second vulnerability can be used to obtain an unauthenticated Remote Code Execution. No source data...