58858 matches found
Palo Alto GlobalProtect Agent Encrypted Credential Exposure (CVE-2024-5908)
A credential exposure vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices could enable a remote attacker to gain encrypted user credentials, used for connecting to GlobalProtect, from the exposure of application logs. Note that Nessus has not tested for this issue but has...
Zyxel NAS Multiple Vulnerabilities
The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. CVE-2024-29973 - Th...
Keycloak Installed (Linux)
Binary data keycloaknixinstalled.nbin...
Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)
In Keycloak prior to 24.0.5, users with low privileges just plain users in the realm are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,...
SolarWinds Serv-U < 15.4.2 HF 2 Directory Traversal
SolarWinds Serv-U versions prior to 15.4.2 HF 2 is vulnerable to a directory traversal allowing an unauthenticated attacker to access sensitive files via a specially crafted request. No source data...
Rejetto HTTP File Server 2.x Remote Code Execution
Rejetto HTTP File Server 2.x, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. No source data...
Mongo-Express < 0.54.0 RCE (CVE-2019-10758)
Binary data mongoexpressCVE-2019-10758dc.nbin...
Rocky Linux 8 : Image builder components bug fix, enhancement and (RLSA-2024:2961)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2961 advisory. osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 Tenable has extracted the preceding description block direct...
Rocky Linux 9 : podman (RLSA-2024:3826)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
Rocky Linux 8 : pki-core:10.6 and pki-deps:10.6 (RLSA-2024:3061)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3061 advisory. jackson-databind: denial of service via a large depth of nested objects CVE-2020-36518 Tenable has extracted the preceding description block directly from the...
Fortinet FortiClient Arbitrary file deletion from unprivileged users (FG-IR-22-299)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-299 advisory. - A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10...
Rocky Linux 8 : .NET 8.0 (RLSA-2024:3345)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3345 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...
Rocky Linux 8 : glibc (RLSA-2024:3344)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3344 advisory. glibc: stack-based buffer overflow in netgroup cache CVE-2024-33599 glibc: null pointer dereferences after failed netgroup cache insertion CVE-2024-3360...
Rocky Linux 8 : xorg-x11-server (RLSA-2024:3258)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3258 advisory. xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents CVE-2024-31080 xorg-x11-server: Heap buffer overread/data leakage in...
GitLab 16.10.0 < 16.10.6 / 16.11.0 < 16.11.3 (CVE-2024-5469)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. CVE-2024-5469 Note that Nessus h...
RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
Apple TV < 16.3 Multiple Vulnerabilities (HT213601)
According to its banner, the version of Apple TV on the remote device is prior to 16.3. It is therefore affected by multiple vulnerabilities as described in the HT213601 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid200523; scriptversion"1.1";...
RockyLinux 8 : kernel (RLSA-2024:3138)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: For more details about the security issues, includi...
Fedora 39 : cyrus-imapd (2024-123f2b3666)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-123f2b3666 advisory. - Security fix for CVE-2024-34055 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Apple TV < 19K53 Multiple Vulnerabilities (HT212980)
According to its banner, the version of Apple TV on the remote device is prior to 19K53. It is therefore affected by multiple vulnerabilities as described in the HT212980 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid200519; scriptversion"1.3";...