CBL Mariner 2.0 Security Update: kernel (CVE-2024-42080)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42080 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid...

openSUSE 15 Security Update : libnbd (SUSE-SU-2024:2789-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2789-1 advisory. - CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server bsc1228872 Other fixes: - Update to versi...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-39476)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39476 advisory. - In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d wait...

CBL Mariner 2.0 Security Update: rust / tensorflow / curl / mysql (CVE-2023-28319)

The version of rust / tensorflow / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28319 advisory. - A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a...

CBL Mariner 2.0 Security Update: rust / tensorflow / cmake / mysql (CVE-2023-27537)

The version of rust / tensorflow / cmake / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27537 advisory. - A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data betwee...

FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2b68c86a-32d5-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...

CentOS 9 : tang-11-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the tang-11-1.el9 build changelog. - A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. CVE-2021-4076 Note that Nessus has not...

Oracle Linux 9 : python-wheel (ELSA-2023-6712)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6712 advisory. - Security fix for CVE-2022-40898 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...

AlmaLinux 8 : libcap (ALSA-2023:4524)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4524 advisory. - A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an...

PHP 8.1.x < 8.1.16

The version of PHP installed on the remote host is prior to 8.1.16. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.16 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high...

Fedora 36 : apptainer (2022-0be906c02d)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-0be906c02d advisory. Update to 1.1.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

AlmaLinux 9 : openssl (ALSA-2022:6224)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6224 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

RHEL 8 : expat (RHSA-2022:6878)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6878 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For mo...

Fortinet Fortigate xss (FG-IR-21-222)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-222 advisory. - An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0...

RHEL 8 : firefox (RHSA-2022:0816)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Scientific Linux Security Update : openldap on SL7.x i686/x86_64 (2022:0621)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0621-1 advisory. - openldap: assertion failure in Certificate List syntax validation CVE-2020-25709 - openldap: assertion failure in CSN normalization with invali...

NewStart CGSL CORE 5.04 / MAIN 5.04 : pango Vulnerability (NS-SA-2019-0191)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pango packages installed that are affected by a vulnerability: - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is:...

Joomla! 3.x < 3.4.5 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is 3.x prior to 3.4.5. It is, therefore, affected by multiple vulnerabilities : - A SQL injection vulnerability exists in comcontenthistory due to improper sanitization of input to the...

OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1f. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1f advisory. - The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NUL...

Oracle Linux 5 / 6 : gimp (ELSA-2013-1778)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1778 advisory. - fix overflow in XWD loader CVE-2013-1913, CVE-2013-1978 Tenable has extracted the preceding description block directly from the Oracle Linux...