Security Update for Microsoft .NET Core (May 2024)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the vendor advisory. - .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-30045 Note that Nessus has not tested for this issue but...

Microsoft Azure CLI Confcom Extension < 0.3.4 Privilege Escalation

An elevation of privilege vulnerability exists in Microsoft Azure CLI Confcom extension. An unauthenticated, remote attacker can exploit this, to gain elevated privileges. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the existence of a security hole...

Foxit PDF Reader for Mac < 2024.2 Vulnerability

According to its version, the Foxit PDF Reader for Mac application previously named Foxit Reader for Mac installed on the remote macOS host is prior to 2024.2. It is, therefore affected by vulnerability: Note that Nessus has not tested for this issue but has instead relied only on the application...

Hanwha Vision NVR和DVR 安全漏洞

Hanwha Vision NVR and Hanwha Vision DVR are both products of Hanwha Vision, a South Korean company.Hanwha Vision NVR is a series of network video recorder devices.Hanwha Vision DVR is a series of digital video recorder devices. A security vulnerability exists in Hanwha Vision NVRs and DVRs that...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the existence of a security hole...

GHSA-X4X5-JV3X-9C7M `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code

Summary deserializing json data using qiskitibmruntime.RuntimeDecoder can be made to execute arbitrary code given a correctly formatted input string Details RuntimeDecoder is supposed to be able to deserialize JSON strings containing various special types encoded via RuntimeEncoder. However, one...

BIT-POSTGRESQL-JDBC-DRIVER-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

Mikro Tik (CVE-2022-45315)

Mikrotik RouterOs before stable v7.6 was discovered to contain an out- of-bounds read in the snmp process. This vulnerability allows authenticated attackers to execute arbitrary code via a crafted packet. This plugin only works with Tenable.ot. Please visit...

Citrix Virtual Apps and Desktops RCE (CTX583930)

The version of Citrix Virtual Apps and Desktops installed on the remote Windows host is affected by a remote code execution vulnerability. A remote, authenticated attacker must possess admin privileges to the Session Recording server, if exploited, may result in an authenticated user being able t...

TeamCity Server < 2023.11.1 CSRF

According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.1. It is, therefore, affected by a cross-site request forgery vulnerabilty. Note that Nessus did not actually test for these issues, but instead has relied on...

WordPress 6.0 < 6.4.2

WordPress versions 6.0 6.4.2 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-4-2-maintenance-security-release. include'compat.inc'; if description...

Google Chrome < 118.0.5993.88 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 118.0.5993.88. It is, therefore, affected by a vulnerability as referenced in the 202310stable-channel-update-for-desktop17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the...

PaperCut NG < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities

The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut host’s file storage. This could exhaust system...

Moxa EDR-810 Web Server ping Command Injection (CVE-2017-12120)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

ARM Mali GPU Kernel Driver < r24p0 / < r30p0 Use After Free (CVE-2022-28349)

The version of the Mali GPU Kernel Driver installed on the remote system is prior to r24p0 running on Bifrost or Valhall architecture or prior to r30p0 running on Midgard architecture. It is, therefore affected by a use-after-free error. A non-privileged user can obtain access to already freed...

ARM Mali GPU Kernel Driver < r42p0 Use After Free (CVE-2022-46394)

The version of the Mali GPU Kernel Driver installed on the remote system is prior to r42p0 running on Valhall or 5th Gen architecture. It is, therefore affected by a use-after-free error. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. Not...

GlobalSCAPE EFT Recursive Deflate Stream DoS (CVE-2023-2990)

The version of GlobalSCAPE EFT installed on the remote host is 8.0.x prior to 8.0.0.38. A denial of service DoS vulnerability exists due to improper handling of a recursively compressed packet. An unauthenticated, remote attacker can exploit this issue, via specially crafted packeet, to cause the...

The Security Hole at the Heart of ChatGPT and Bing

Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots...

HP LaserJet Printers Elevation of Privilege (HPSBPI03839)

According to its model number and firmware revision, the remote HP LaserJet printer is affected by a buffer overflow / elevation of privilege vulnerability. %NASLMINLEVEL 80900 C Tenable Network Security, Inc. include'compat.inc'; if description scriptid174335; scriptversion"1.6";...