216 matches found
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-25108: Soliton Systems K.K. FileZen OS Command Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713: Mitel MiCollab Path Traversal Vulnerability. CVE-2024-55550: Mitel MiCollab Path Traversal Vulnerability. CVE-2020-2883...
GLSA-202412-14 : HashiCorp Consul: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202412-14 HashiCorp Consul: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descriptio...
RockyLinux 8 : thunderbird (RLSA-2024:8024)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8024 advisory. firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680) Tenable has extracted the preceding description block directly from the RockyLin...
Slackware Linux 15.0 php81 Multiple Vulnerabilities (SSA:2024-297-01)
The version of php81 installed on the remote host is prior to 8.1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-297-01 advisory. New php81 packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the preceding description...
Fedora 39 : thunderbird (2024-18ac02a385)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-18ac02a385 advisory. Update to 115.16.0 https://www.thunderbird.net/en-US/thunderbird/115.16.0esr/releasenotes/ Tenable has extracted the preceding description block directly fro...
SUSE: Security Advisory (SUSE-SU-2024:3341-1)
The remote host is missing an update for the...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20123: Draytek VigorConnect Path Traversal Vulnerability. CVE-2021-20124: Draytek VigorConnect Path Traversal Vulnerability...
SolarWinds Web Help Desk < 12.8.3 HF 1 Deserialization RCE
The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.3 HF1. It is, therefore, affected by a remote code execution vulnerability, that, if exploited, would allow an attacker to run commands on the host machine. Note that Nessus has not tested for these issues but h...
Photon OS 3.0: Linux PHSA-2023-3.0-0527
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0527. The text itself is copyright (C) VMware, Inc.
Photon OS 5.0: Openresty PHSA-2024-5.0-0185
An update of the openresty package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0185. The text itself is copyright (C) VMware, Inc.
FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...
Fortinet FortiProxy Out-of-bound Write in sslvpnd (FG-IR-24-015)
The version of FortiProxy installed on the remote host is affected by an out-of-bounds write vulnerability in sslvpnd that can allow an attacker to execute unauthorized code or commands via specifically crafted requests. Note that Nessus has not tested for this issue but has instead relied only on t...
Apple TV < 17.3 Multiple Vulnerabilities (HT214055)
According to its banner, the version of Apple TV on the remote device is prior to 17.3. It is therefore affected by multiple vulnerabilities as described in the HT214055...
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset...
Google Chrome < 120.0.6099.129 Vulnerability
The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.129. It is, therefore, affected by a vulnerability as referenced in the 202312stable-channel-update-for-desktop20 advisory. - Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a...
Debian DSA-5575-1 : webkit2gtk - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5575 advisory. - An out-of-bounds read was addressed with improved input validation. (CVE-2023-42916) - A memory corruption vulnerability was addressed with improved locking...
Rocky Linux 9 : nginx:1.22 (RLSA-2023:6120)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:6120 advisory. - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wil...
Oracle Linux 9 : nginx:1.22 (ELSA-2023-6120)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6120 advisory. 1:1.22.1-3.0.1.1 - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487) Tenable has extracted the preceding description block...
Rocky Linux 8 : tomcat (RLSA-2023:5928)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5928 advisory. - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wil...