FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the acb4eab6-3f6d-11ef-8657-001b217b3468 advisory. Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with...

SUSE SLES15 Security Update : skopeo (SUSE-SU-2024:2383-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2383-1 advisory. - CVE-2024-3727: Added missing image digest verification bsc1224123. Tenable has extracted the preceding description block directly from the...

CBL Mariner 2.0 Security Update: mysql (CVE-2024-20967)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20967 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions...

CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...

AlmaLinux 8 : dotnet6.0 (ALSA-2024:4438)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4438 advisory. dotnet: DoS when parsing X.509 Content and ObjectIdentifiers CVE-2024-38095 Tenable has extracted the preceding description block directly from the AlmaLinux...

Fedora 40 : qt6-qtbase (2024-9bf3ff4133)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9bf3ff4133 advisory. Fix CVE-2024-39936. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...

CBL Mariner 2.0 Security Update: fluent-bit / nghttp2 / nodejs / nodejs18 (CVE-2024-28182)

The version of fluent-bit / nghttp2 / nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28182 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 ...

GitLab 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-5470)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to...

CBL Mariner 2.0 Security Update: nano (CVE-2024-5742)

The version of nano installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5742 advisory. - A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary...

CBL Mariner 2.0 Security Update: mysql (CVE-2024-20985)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20985 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are...

CBL Mariner 2.0 Security Update: mysql (CVE-2024-20973)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20973 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions th...

Omron NJ Series CPU Unit Insufficient Verification of Data Authenticity (CVE-2024-33687)

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. This plugin only works with Tenable.ot. Please visit...

Fedora 40 : squid (2024-110b39017e)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-110b39017e advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

Security Updates for Microsoft Office Products C2R (July 2024)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-38021 - A session spoofing...

The Stark Truth Behind the Resurgence of Russia’s Fin7

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands o...

AlmaLinux 8 : pki-core (ALSA-2024:4367)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4367 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the AlmaLinux security...

Microsoft Azure Network Watcher VM Extension < 1.4.3320.1 Elevation of Privilege (CVE-2024-35261)

The version of Microsoft Azure Network Watcher VM Extension installed on the remote Windows host is prior to 1.4.3320.1. It is, therefore, affected by an unspecified elevation of privilege vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the...

Juniper Junos OS Vulnerability (JSA82993)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82993 advisory. - An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based...

Adobe Bridge 13.x < 13.0.8 / 14.x < 14.1.1 Multiple Vulnerabilities (APSB24-51)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 13.0.8 or 14.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-51 advisory. - Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or...

AlmaLinux 9 : gvisor-tap-vsock (ALSA-2024:4379)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4379 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly from...