SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2024:2485-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2485-1 advisory. Updated to version 9.0.91: - CVE-2024-34750: Fixed an improper handling of exceptional conditions bsc1227399. Tenable has...
RHEL 9 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...
RHEL 6 : libssh2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - A...
Fedora 40 : mingw-python-certifi (2024-599bb2cb73)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-599bb2cb73 advisory. Update to 2024.7.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...
EulerOS 2.0 SP9 : glade (EulerOS-SA-2024-1931)
According to the versions of the glade package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2024-1973)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in...
SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:2488-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2488-1 advisory. This update for the Linux Kernel 5.14.21-150500557 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed...
RHEL 7 : openexr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenEXR: Heap-buffer-overflow in Imf25::copyIntoFrameBuffer CVE-2021-23169 - An integer overflow leading ...
EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2024-1951)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals...
Microsoft Edge (Chromium) < 125.0.2535.67 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 125.0.2535.67. It is, therefore, affected by multiple vulnerabilities as referenced in the May 16, 2024 advisory. - Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to...
Fedora 39 : yt-dlp (2024-72fb215fcd)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-72fb215fcd advisory. Update to 2024.07.09 ---- Update to 2024.07.07 ---- Update to 2024.07.02 Tenable has extracted the preceding description block directly from the Fedora...
RHEL 9 : nginx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...
Fedora 40 : erlang-jose (2024-a8d7972ef6)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a8d7972ef6 advisory. Re-reviewed Jose ver. 1.11.10 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...
RHEL 8 : openexr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenEXR: Heap-buffer-overflow in Imf25::copyIntoFrameBuffer CVE-2021-23169 - A heap-based buffer overflow...
Rocky Linux 9 : openssh (RLSA-2024:4457)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4457 advisory. openssh: Possible remote code execution due to a race condition in signal handling affecting Rocky Linux 9 CVE-2024-6409 Tenable has extracted the preceding...
Rocky Linux 8 : python-pillow (RLSA-2024:4227)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4227 advisory. python-pillow: buffer overflow in imagingcms.c CVE-2024-28219 Tenable has extracted the preceding description block directly from the Rocky Linux security...
Rocky Linux 8 : python-jinja2 (RLSA-2024:4231)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:4231 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Tenable has extracted the preceding description block directly from the Rocky Linux...
Mattermost Desktop Installed (Windows)
Binary data mattermostdesktopwininstalled.nbin...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1885)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaini...
EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2024-1884)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leadi...