58853 matches found

Tenable Nessus
added 2024/07/18 12:0 a.m. | 10 views

Nortek Linear eMerge E3-Series < 0.32-08f Command Injection

Nortek Linear eMerge E3-Series versions prior to 0.32-08f are affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request. No source data...

CVSS 10 | AI score 7.9 | EPSS 0.97136
Exploits: 19 | References: 3

Tenable Nessus
added 2024/07/18 12:0 a.m. | 19 views

Atlassian Confluence < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96101)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96101 advisory. - When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error...

CVSS 7.5 | AI score 6.6 | EPSS 0.12697
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m. | 18 views

Zoom Workplace Desktop App For Windows < 6.0.10 RACE condition (ZSB-24028)

The version of Zoom Workplace Desktop App for Windows installed on the remote host is prior to 6.0.10. It is, therefore, affected by a privilege escalation vulnerability that may allow a local authenticated attacker to cause a denial of service via local access. Note that Nessus has not tested fo...

CVSS 6.6 | AI score 5.6 | EPSS 0.00138
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m. | 10 views

Oracle Linux 9 : qt5-qtbase (ELSA-2024-4623)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4623 advisory. 5.15.9-10 - HTTP2: Delay any communication until encrypted can be responded to Resolves: RHEL-46348 Tenable has extracted the preceding description block direct...

CVSS 8.6 | AI score 7.8 | EPSS 0.00494
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m. | 17 views

Oracle Linux 8 : qt5-qtbase (ELSA-2024-4617)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4617 advisory. 5.15.3-8 - HTTP2: Delay any communication until encrypted can be responded to Resolves: RHEL-46340 Tenable has extracted the preceding description block directl...

CVSS 8.6 | AI score 7.8 | EPSS 0.00494
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m. | 26 views

VMware Aria Automation SQLi Vulnerability (VMSA-2024-0017)

The VMware Aria Automation application running on the remote host is affected by a SQL injection vulnerability due to incorrect input validation which allows for SQL-injection in the product. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote...

CVSS 8.5 | AI score 6.4 | EPSS 0.00472
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m. | 38 views

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-200-01)

The version of httpd installed on the remote host is prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-200-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

CVSS 9.1 | AI score 7 | EPSS 0.04134
Exploits: 5 | References: 3

Tenable Nessus
added 2024/07/18 12:0 a.m. | 12 views

Qlik Sense Enterprise Path Traversal

Qlik Sense Enterprise for Windows is affected by a path traversal vulnerability as well as an HTTP request smuggling vulnerability. Under specific conditions, the second vulnerability can be used to obtain unauthenticated remote code execution. No source data...

CVSS 9.9 | AI score 7.8 | EPSS 0.84967
Exploits: 0 | References: 3

Tenable Nessus
added 2024/07/18 12:0 a.m. | 30 views

Joomla! 3.x < 3.10.16 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00463
Exploits: 0 | References: 11

NVD
added 2024/07/17 6:15 p.m. | 37 views

CVE-2024-40641

Nuclei is a fast and customizable vulnerability scanner based on a simple YAML-based DSL. In affected versions, a way to execute code templates without the -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...

CVSS 7.4 | EPSS 0.00311
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/17 5:34 p.m. | 16 views

CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei

Nuclei is a fast and customizable vulnerability scanner based on a simple YAML-based DSL. In affected versions, a way to execute code templates without the -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...

CVSS 7.4 | AI score 7.5 | EPSS 0.00311
Exploits: 0 | References: 1

Tenable Nessus
added 2024/07/17 12:0 a.m. | 37 views

Oracle Linux 8 : ruby (ELSA-2024-4499)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4499 advisory. - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. CVE-2023-36617 Resolves: RHEL-5614 - Fix Buffer overread vulnerability in...

CVSS 9.8 | AI score 7.6 | EPSS 0.02637
Exploits: 1 | References: 6

Tenable Nessus
added 2024/07/17 12:0 a.m. | 15 views

GitLab 11.8 < 16.11.6 / 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-6595)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to...

CVSS 5.3 | AI score 5.6 | EPSS 0.00462
Exploits: 1 | References: 4

Tenable Nessus
added 2024/07/17 12:0 a.m. | 36 views

SUSE SLES15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2024:2533-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2533-1 advisory. - CVE-2024-2201: Mitigation for Native Branch History Injection XSA-456, bsc1222453 - CVE-2024-31143: Fixed double unlock in x86...

CVSS 7.5 | AI score 7 | EPSS 0.08555
Exploits: 0 | References: 7

Tenable Nessus
added 2024/07/17 12:0 a.m. | 33 views

Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2024-199-01)

The version of openssl installed on the remote host is prior to 1.1.1za. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-199-01 advisory. New openssl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

CVSS 9.1 | AI score 6.9 | EPSS 0.54026
Exploits: 1 | References: 6

Tenable Nessus
added 2024/07/17 12:0 a.m. | 15 views

Fedora 39 : golang (2024-5b06c85574)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5b06c85574 advisory. This update fixes CVE-2024-24791 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 7.5 | AI score 7.4 | EPSS 0.01414
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/16 12:0 a.m. | 27 views

RHEL 9 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...

CVSS 7.5 | AI score 7.3 | EPSS 0.01858
Exploits: 4 | References: 6

Tenable Nessus
added 2024/07/16 12:0 a.m. | 35 views

RHEL 8 : openexr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenEXR: Heap-buffer-overflow in Imf25::copyIntoFrameBuffer CVE-2021-23169 - A heap-based buffer overflow...

CVSS 8.8 | AI score 8 | EPSS 0.02291
Exploits: 4 | References: 20

Tenable Nessus
added 2024/07/16 12:0 a.m. | 24 views

RHEL 6 : libssh2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - A...

CVSS 9.1 | AI score 9.2 | EPSS 0.08114
Exploits: 0 | References: 5

Tenable Nessus
added 2024/07/16 12:0 a.m. | 23 views

EulerOS 2.0 SP9 : sudo (EulerOS-SA-2024-1973)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in...

CVSS 5.3 | AI score 7.3 | EPSS 0.00961
Exploits: 0 | References: 3