
69 matches found

Tenable Nessus
added 2024/05/09 12:0 a.m. | 17 views

F5 BIG-IP Next Central Manager 20.0.1 < 20.2.0 SQL Injection (K000138733)

The version of the Big-IP Next Central Manager installed on the remote Windows host is between 20.0.1 and 20.1.0. It is, therefore, affected by an SQL Injection vulnerability as referenced in the K000138733 advisory. An unauthenticated attacker can exploit this vulnerability to execute malicious...

CVSS 7.5 | AI score 9.1 | EPSS 0.07163
Exploits 0 | References 2

Tenable Nessus
added 2023/11/11 12:0 a.m. | 77 views

Rocky Linux 9 : nginx:1.22 (RLSA-2023:6120)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:6120 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits 19 | References 3

Tenable Nessus
added 2023/10/27 12:0 a.m. | 69 views

Oracle Linux 9 : nginx:1.22 (ELSA-2023-6120)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6120 advisory. 1:1.22.1-3.0.1.1 - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487). Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits 19 | References 2

Tenable Nessus
added 2023/10/24 12:0 a.m. | 45 views

Rocky Linux 8 : tomcat (RLSA-2023:5928)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5928 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits 19 | References 3

Tenable Nessus
added 2023/10/13 12:0 a.m. | 65 views

Security Updates for Microsoft Visual Studio Products (October 2023)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple denial of service vulnerabilities: - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits 19 | References 6

Tenable Nessus
added 2023/01/04 12:0 a.m. | 47 views

Atlassian Confluence Command Injection (CONFSERVER-79016)

According to its self-reported version number, the Atlassian Confluence running on the remote host is affected by a command injection vulnerability. A remote, unauthenticated attacker can use this to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied onl...

CVSS 9.8 | AI score 9 | EPSS 0.99999
Exploits 75 | References 4

Tenable Nessus
added 2022/12/08 12:0 a.m. | 90 views

Apache Solr 7.4.0 <= 7.7.3 / 8.0.0 <= 8.11.0 RCE

The version of Apache Solr running on the remote host is at least 7.4.0 through 7.7.3 or 8.0.0 through 8.11.0. It is, therefore, affected by a remote code execution vulnerability due to using a bundled version of the Apache Log4J library vulnerable to RCE. For full impact and additional detail...

CVSS 10 | AI score 8.2 | EPSS 0.99999
Exploits 347 | References 3

Tenable Nessus
added 2021/09/14 12:0 a.m. | 46 views

Cisco Security Manager Java Deserialization (cisco-sa-csm-java-rce-mWJEedcD)

A remote code execution vulnerability exists in Cisco Security Manager due to insecure deserialization of user-supplied content. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Nessus has not tested for this issue but has...

CVSS 10 | AI score 9.6 | EPSS 0.87719
Exploits 0 | References 4

Tenable Nessus
added 2021/06/30 12:0 a.m. | 677 views

ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)

The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service (DoS), and information disclosure by remote,...

CVSS 10 | AI score 6.7 | EPSS 0.36965
Exploits 21 | References 20

Tenable Nessus
added 2021/06/24 12:0 a.m. | 66 views

Cisco Firepower Threat Defense Software Web Services Interface Multiple Vulnerabilities (cisco-sa-asaftd-xss-multiple-FCB3vPZe)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by multiple vulnerabilities. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

CVSS 6.1 | AI score 7 | EPSS 0.85439
Exploits 2 | References 10

Tenable Nessus
added 2021/06/08 12:0 a.m. | 657 views

KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021)

The remote Windows host is missing security update 5003646. It is, therefore, affected by multiple vulnerabilities. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is...

CVSS 9.8 | AI score 8.5 | EPSS 0.86132
Exploits 70 | References 25

Tenable Nessus
added 2021/02/08 12:0 a.m. | 76 views

FreeBSD : chromium -- heap buffer overflow in V8 (3e01aad2-680e-11eb-83e2-e09467587c17)

Chrome Releases reports: 1170176 High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24. Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

CVSS 8.8 | AI score 8.8 | EPSS 0.19815
Exploits 0 | References 3

Tenable Nessus
added 2021/01/15 12:0 a.m. | 433 views

Security Updates for Microsoft SQL Server (January 2021)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue to gain elevated privileges. Note that Nessus has not tested for this issue but h...

CVSS 8.8 | AI score 8.1 | EPSS 0.06153
Exploits 0 | References 10

Tenable Nessus
added 2020/12/28 12:0 a.m. | 111 views

SolarWinds Orion Platform < 2019.4 HF6 / 2020.2 < 2020.2.1 HF2 Authentication Bypass (SUPERNOVA)

The version of SolarWinds Orion Platform running on the remote host is prior to 2019.4 HF6 or 2020.2 prior to 2020.2.1 HF 2. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this, via a specially crafted web request, to bypass...

CVSS 9.8 | AI score 8.8 | EPSS 0.9198
Exploits 3 | References 7

Tenable Nessus
added 2020/12/18 12:0 a.m. | 56 views

RHEL 8 : openssl (RHSA-2020:5476)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5476 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 5.9 | AI score 7.1 | EPSS 0.06968
Exploits 3 | References 4

Tenable Nessus
added 2020/12/16 12:0 a.m. | 19 views

Fedora 33 : 1:openssl (2020-ef1870065a)

New upstream release 1.1.1i with important security fix for possible server DoS issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 5.9 | AI score 6.9 | EPSS 0.06968
Exploits 3 | References 2

Tenable Nessus
added 2020/12/14 12:0 a.m. | 42 views

Fedora 33 : 1:nodejs (2020-43d5a372fc)

Update to 14.15.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Security, Inc...

CVSS 8.8 | AI score 6.9 | EPSS 0.08794
Exploits 1 | References 8

Tenable Nessus
added 2020/12/11 12:0 a.m. | 46 views

Photon OS 1.0: Curl PHSA-2020-1.0-0346

An update of the curl package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0346. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid144082;...

CVSS 7.5 | AI score 6.6 | EPSS 0.09917
Exploits 2 | References 4

Tenable Nessus
added 2020/12/10 12:0 a.m. | 33 views

Photon OS 3.0: Curl PHSA-2020-3.0-0174

An update of the curl package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0174. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid144069;...

CVSS 7.5 | AI score 6.6 | EPSS 0.09917
Exploits 2 | References 4

Tenable Nessus
added 2020/11/17 12:0 a.m. | 31 views

GLSA-202011-17 : MIT Kerberos 5: Denial of service

The remote host is affected by the vulnerability described in GLSA-202011-17 (MIT Kerberos 5: Denial of service). It was discovered that MIT Kerberos network authentication system, krb5, did not properly handle ASN.1-encoded Kerberos messages. Impact: A remote attacker could send a specially crafte...

CVSS 7.5 | AI score 7.6 | EPSS 0.04365
Exploits 0 | References 2