58854 matches found
CBL Mariner 2.0 Security Update: reaper (CVE-2017-18214)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-18214 advisory. - The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted...
CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)
The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...
CBL Mariner 2.0 Security Update: glibc (CVE-2024-33602)
The version of glibc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-33602 advisory. - nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgrou...
SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15 SP4) (SUSE-SU-2024:2447-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2447-1 advisory. This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed...
CBL Mariner 2.0 Security Update: postgresql (CVE-2022-41862)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41862 advisory. - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishme...
Fedora 40 : yarnpkg (2024-eef12396fc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-eef12396fc advisory. Backport fix for CVE-2024-4067. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CBL Mariner 2.0 Security Update: hyperv-daemons (CVE-2024-26984)
The version of hyperv-daemons installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26984 advisory. - In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race...
FreeBSD : electron29 -- multiple vulnerabilities (55d4a92f-c75f-43e8-ab1f-4a0efc9795c4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 55d4a92f-c75f-43e8-ab1f-4a0efc9795c4 advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-39291)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39291 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in...
Fedora 39 : python3.6 (2024-7bba7e65d3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7bba7e65d3 advisory. Security fix for CVE-2024-4032 rhbz2293394 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
CBL Mariner 2.0 Security Update: libgit2 / rust (CVE-2023-22742)
The version of libgit2 / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-22742 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with t...
CBL Mariner 2.0 Security Update: kernel (CVE-2021-3847)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3847 advisory. - An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel Overlay...
RHEL 7 : etcd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net: lookup functions may return invalid host names CVE-2021-33195 - In Go before 1.15.13 and...
RHEL 8 : expat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Stack exhaustion in doctype parsing CVE-2022-25313 - libexpat through 2.5.0 allows recursive XML...
RHEL 8 : ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - onigmo: out-of-bounds read in nextstateval in regparse.c CVE-2019-16162 - Onigmo through 6.2.0 has a NULL...
RHEL 7 : ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - onigmo: out-of-bounds read in nextstateval in regparse.c CVE-2019-16162 - Onigmo through 6.2.0 has a NULL...
Citrix Workspace HTML5 Client Installed (Windows)
Binary data citrixworkspacehtml5wininstalled.nbin...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: Open Redirect vulnerability in...
SAP NetWeaver AS ABAP Protection Mechanism Failure (3456952)
Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability. Note that...
Amazon Linux 2 : ipa (ALAS-2024-2585)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2585 advisory. A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks...