Fedora 40 : mysql8.0 (2024-5d9dc19f2d)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d9dc19f2d advisory. MySQL 8.0.39 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-38.html...
CBL Mariner 2.0 Security Update: mysql (CVE-2024-20985)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20985 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are...
AlmaLinux 9 : golang (ALSA-2024:4212)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4212 advisory. golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6...
AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...
Fedora 40 : python3.12 (2023-f3498cc9ee)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f3498cc9ee advisory. Automatic update for python3.12-3.12.1-2.fc40. Changelog Mon Dec 18 2023 Lumír Balhar - 3.12.1-2 - Security fix for CVE-2023-27043 rhbz2196190 Tenable has...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-018)
The version of tomcat installed on the remote host is prior to 8.5.95-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2024-018 advisory. Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through...
SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2024:0840-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0840-1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...
RHEL 7 : rhc-worker-script (RHSA-2024:1244)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1244 advisory. The rhc-worker-script packages provide Remote Host Configuration rhc worker for executing an interpreted programming language script on hosts managed...
AlmaLinux 8 : postgresql:13 (ALSA-2024:0975)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0975 advisory. postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 Tenable has extracted the preceding description block directly...
Amazon Linux 2 : postgresql (ALAS-2024-2462)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2462 advisory. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser...
Fedora 38 : python-aiohttp / python-pysqueezebox / python-wled (2023-1f06098c71)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-1f06098c71 advisory. Security fix for CVE-2023-49081, CVE-2023-49082. Update python-aiohttp to 3.9.1. Patch python-pysqueezebox and python-wled so they do not have an...
Rocky Linux 8 : libjpeg-turbo (RLSA-2019:3705)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3705 advisory. - get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service heap-based buffer over-read and...
Fedora 39 : magicmirror (2023-3a06c965b4)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3a06c965b4 advisory. Automatic update for magicmirror-2.24.0-1.fc39. Changelog Sun Jul 9 2023 Davide Cavalca - 2.24.0-1 - Update to 2.24.0; Fixes: RHBZ2184597,...
Fedora 39 : golang-honnef-tools (2023-65f2712f28)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-65f2712f28 advisory. Automatic update for golang-honnef-tools-2023.1.3-1.20230802git0e3cc29.fc39. Changelog Wed Aug 2 2023 Mikel Olasagasti Uranga - 2023.1.3-1 - Update to 2023.1...
Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:0099)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0099 advisory. - An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to...
Oracle Linux 9 : 18 (ELSA-2023-5849)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5849 advisory. - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon - Resolves: CVE-2022-25883...
CentOS 8 : go-toolset:rhel8 (CESA-2023:5721)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:5721 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...
Sirius - First Truly Open-Source General Purpose Vulnerability Scanner
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...
Google Chrome < 116.0.5845.96 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 116.0.5845.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop15 advisory. - Insufficient policy enforcement in Extensions API in Google Chrome prior t...
Mozilla Firefox ESR < 102.12
The version of Firefox ESR installed on the remote Windows host is prior to 102.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-19 advisory. - Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng,...