RHEL 8 : qemu-kvm (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - QEMU: usbredir: free call on invalid pointer in bufp_alloc() (CVE-2021-3682) - qemu-bridge-helper.c in QEMU 3....
Dell EMC iDRAC9 < 7.00.00.172 / 7.10.00.00 < 7.10.50.00 (DSA-2024-099)
The version of Dell EMC iDRAC9 installed on the remote host is 7.00.00.172 or earlier or 7.10.0.0 prior to 7.10.50.00. It is, therefore, affected by a session hijacking vulnerability in IPMI. A malicious attacker could use this vulnerability to execute arbitrary code in the vulnerable application...
Fedora 40 : mingw-python3 (2024-1ecab28e50)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1ecab28e50 advisory. Backport fix for CVE-2024-4032. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SAP NetWeaver AS ABAP Information Disclosure (3454858)
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...
Citrix Workspace App for HTML5 Multiple Vulnerabilities (CTX678037)
The version of Citrix Workspace App for HTML5 installed on the remote host is prior to 2404.1. It is therefore affected by multiple vulnerabilities as described in the CTX678037 advisory: - Bypass of GACS Policy Configuration settings CVE-2024-6148 - Redirection of users to a vulnerable URL...
SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2024:2399-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2399-1 advisory. Update to Firefox Extended Support Release 115.13.0 ESR MFSA 2024-30, bsc1226316: - CVE-2024-660...
RHEL 7 : etcd (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net: lookup functions may return invalid host names (CVE-2021-33195) - In Go before 1.15.13 and...
WordPress Barcode Scanner and Inventory manager plugin <= 1.6.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Plugin Barcode Scanner with Inventory & Order Manager (versions <= 1.6.1)...
Ruby Programming Language Installed (Linux)
Binary data rubynixinstalled.nbin...
Fedora 40 : onnx (2024-d9c7181a19)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d9c7181a19 advisory. Security fix for CVE-2024-5187 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
AlmaLinux 8 : dotnet8.0 (ALSA-2024:4451)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4451 advisory. dotnet: DoS in System.Text.Json CVE-2024-30105 dotnet: DoS in ASP.NET Core 8 CVE-2024-35264 dotnet: DoS when parsing X.509 Content and ObjectIdentifiers...
JetBrains TeamCity < 2024.03.3 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2024.03.3. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection CVE-2024-39878...
WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.6.1 is vulnerable to SQL Injection
Software: Barcode Scanner with Inventory & Order Manager; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38708; Patch priority: High; CVSS severity: High (8.5); Developer: DMitry; PSID: 81055d795069; Credits: justakazh; Required...
VulnCheck KEV: CVE-2024-38708
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders. This issue affects Barcode Scanner with Inventory...
RHEL 8 : mcg (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)...
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2024:4420)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4420 advisory. qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write CVE-2024-4467 Tenable has extracted the preceding description block directly from the AlmaLinux...
GitLab 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-5257)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may hav...
Fedora 39 : squid (2024-8ca9261bdd)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-8ca9261bdd advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 39 : firefox (2024-fc815ee65f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fc815ee65f advisory. - Updated to latest upstream 128.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the acb4eab6-3f6d-11ef-8657-001b217b3468 advisory. Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with...