10 matches found
CBL Mariner 2.0 Security Update: openslp (CVE-2019-5544)
The version of openslp installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-5544 advisory. - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the...
CentOS 8 : libssh (CESA-2024:3233)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3233 advisory. - A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue...
Rocky Linux 8 : git-lfs (RLSA-2024:2699)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2699 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK stat...
Rocky Linux 8 : nodejs:16 (RLSA-2024:1444)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1444 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...
Fedora 39 : fonttools (2024-6d1d9f70d2)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d1d9f70d2 advisory. - Security fix for CVE-2023-45139. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Amazon Linux 2 : mono (ALASMONO-2023-001)
It is, therefore, affected by a vulnerability as referenced in the ALAS2MONO-2023-001 advisory. SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file...
openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2023:3556-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3556-1 advisory. - The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3...
Amazon Linux 2023 : ca-certificates (ALAS2023-2023-061)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-061 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from...
CentOS 7 : firefox (RHSA-2020:2381)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2381 advisory. - When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerabili...
PHP 7.2.x < 7.2.10 Transfer-Encoding Parameter XSS Vulnerability
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.38, 7.0.x prior to 7.0.32, 7.1.x prior to 7.1.22 or 7.2.x prior to 7.2.10. It is, therefore, affected by a cross-site scripting vulnerability. An attacker could leverage this vulnerability to inject...