58854 matches found
RHEL 8 : nodejs:16 (RHSA-2024:4353)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4353 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...
RHEL 8 : python3 (RHSA-2024:4370)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4370 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
FreeBSD : traefik -- Bypassing IP allow-lists via HTTP/3 early data requests (767dfb2d-3c9e-11ef-a829-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 767dfb2d-3c9e-11ef-a829-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists vi...
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 RCE (7159825)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7159825 advisory. - IBM WebSphere Application Server could allow a remote authenticated attacker, who has authorized access to the administrative...
CentOS 9 : cockpit-320-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the cockpit-320-1.el9 build changelog. - A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option,...
Fedora 40 : yt-dlp (2024-0ba1c1a435)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0ba1c1a435 advisory. Update to 2024.07.02 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
GLSA-202407-20 : KDE Plasma Workspaces: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202407-20 KDE Plasma Workspaces: Privilege Escalation Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...
SUSE SLES15 Security Update : krb5 (SUSE-SU-2024:2305-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2305-1 advisory. - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). -...
GLSA-202407-19 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-19 Mozilla Thunderbird: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...
Fedora 39 : python3-docs / python3.12 (2024-b3d904cade)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-b3d904cade advisory. Update to 3.12.44, fix CVE-2024-4032 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Juniper Session Smart Router Detection
Binary data junipersessionsmartrouterversion.nbin...
openSUSE 15 Security Update : openssh (SUSE-SU-2024:2275-2)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2275-2 advisory. - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642). Tenable has extracted the preceding description block directly from the SUSE security...
HuggingFace Git Repo Detection for Linux/UNIX
Binary data huggingfacegitdetectnix.nbin...
Apache 2.4.60 Source Code Disclosure
According to its banner, the version of Apache running on the remote host is 2.4.60. It is, therefore, affected by a source code disclosure with handlers configured via AddType. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Fedora 39 : python-astropy (2024-d8ac19de55)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d8ac19de55 advisory. Security fix for CVE-2023-41334 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6879-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6879-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL...
FreeBSD : Apache httpd -- source code disclosure (5d921a8c-3a43-11ef-b611-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5d921a8c-3a43-11ef-b611-84a93843eb75 advisory. The Apache httpd project reports: source code disclosure with handlers configured via AddType...
Fedora 40 : python3-docs / python3.12 (2024-486cb71423)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-486cb71423 advisory. Update to 3.12.4, fix CVE-2024-4032 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
GLSA-202407-16 : GNU Coreutils: Buffer Overflow Vulnerability
The remote host is affected by the vulnerability described in GLSA-202407-16 GNU Coreutils: Buffer Overflow Vulnerability A vulnerability has been discovered in the Coreutils split program that can lead to a heap buffer overflow and possibly arbitrary code execution. Tenable has extracted the...
SUSE SLES12: krb5 / krb5-32bit / krb5-client / krb5-devel / krb5-doc / etc (SUSE-SU-2024:2300-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2300-1 advisory. - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). -...