Oracle Linux 9 : golang (ELSA-2024-6913)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6913 advisory. - Rebase to Go1.21.13 to pick the fix for CVE-2024-24791. Tenable has extracted the preceding description block directly from the Oracle Linux security...
AlmaLinux 9 : buildah (ALSA-2024:6189)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:6189 advisory. - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783). Tenable has extracted the preceding description block direct...
Dell iDRAC Service Module < 5.3.1.0 Multiple Vulnerabilities
Dell iDRAC Service Module version 5.3.0.0 and prior contains multiple out-of-bounds write vulnerabilities. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event. Note that Nessus has not tested for this issue but has instead relied only on the...
Photon OS 4.0: Postgresql14 PHSA-2023-4.0-0513
An update of the postgresql14 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0513. The text itself is copyright (C) VMware, Inc...
Photon OS 3.0: Vim PHSA-2023-3.0-0645
An update of the vim package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0645. The text itself is copyright (C) VMware, Inc...
Photon OS 4.0: Vim PHSA-2023-4.0-0467
An update of the vim package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0467. The text itself is copyright (C) VMware, Inc...
SUSE SLES12 Security Update : xen (SUSE-SU-2023:4486-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4486-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Oracle Linux 8 : nghttp2 (ELSA-2023-5837)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5837 advisory. - fix HTTP/2 Rapid Reset (CVE-2023-44487). Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
Security Updates for Microsoft Visual Studio Products (October 2023)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple denial of service vulnerabilities: - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...
IBM DB2 11.1 < 11.1.4 FP6 41246 / 11.5 < 11.5.8 FP0 26513 Denial of Service (Unix)
According to its self-reported version number, IBM Db2 is affected by a denial of service when executing a specially crafted 'Load' command. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
IBM DB2 10.5 < 10.5.0 FP11 41247 / 11.1 < 11.1.4 FP6 41246 / 11.5 < 11.5.8 FP0 26513 Information Disclosure (Unix)
According to its self-reported version number, IBM Db2 is affected by an information disclosure due to improper privilege management when a specially crafted table access is used. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
No memory limit for dom0less domUs (XSA-383)
The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured. Note that Nessus has not tested for this issue...
FreeBSD : go -- archive/zip: overflow in preallocation check can cause OOM panic (4ea1082a-1259-11ec-b4fa-dd5a552bdd17)
The Go project reports : An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is...
RHEL 7 : dhcp (RHSA-2021:2469)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2469 advisory. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration...
Tenable Nessus Agent < 8.2.5 Multiple Vulnerabilities (TNS-2021-12)
According to its self-reported version, the Tenable Nessus agent running on the remote Windows host is prior to 8.2.5. It is, therefore, affected by multiple vulnerabilities: - Multiple local privilege escalation vulnerabilities. A local attacker can exploit these to gain administrator privileges...
Adobe FrameMaker 2019 <= 15.0.8 (2019.0.8) / Adobe FrameMaker 2020 <= 16.0.1 (2020.0.1) Arbitrary Code Execution (APSB21-14)
The version of Adobe FrameMaker installed on the remote Windows host is prior to or equal to Adobe FrameMaker 2019 15.0.8 / Adobe FrameMaker 2020 16.0.1. It is, therefore, affected by a vulnerability as referenced in the APSB21-14 advisory. - Adobe FrameMaker version 2020.0.1 and earlier is affected...
Xen OOM DoS (XSA-349)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue with the watch event queue. A malicious guest can exploit this, by abusing the unbounded queue, to cause an out-of-memory error in the...
XENMEM_aquire_resources Error Path DoS (XSA-334)
A denial of service (DoS) vulnerability exists in Xen's XENMEM_acquire_resource due to an error path exiting without releasing an RCU (Read, Copy, Update) reference. An authenticated, local attacker can exploit this issue, via a malicious HVM stubdomain which can cause an RCU reference to be...
Xen Management Tool DoS (XSA-323)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a bad path name limit in oxenstored. A malicious guest administrator can exploit this, by creating paths in the guest's own namespace that are too...
RHEL 8 : libpq (RHSA-2020:5401)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5401 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following...