FreeBSD : chromium -- multiple security fixes (2f82696c-adad-447b-9938-c99441805fa3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2f82696c-adad-447b-9938-c99441805fa3 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-41007)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41007 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets I...
CBL Mariner 2.0 Security Update: edk2 / hvloader (CVE-2023-45230)
The version of edk2 / hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45230 advisory. - EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID optio...
F5 Networks BIG-IP : BIG-IP IPsec vulnerability (K000138728)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138728 advisory. - When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...
GitLab 16.7 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-4597)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker...
SUSE SLED12 / SLES12 Security Update : avahi (SUSE-SU-2024:1500-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1500-1 advisory. - A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label function...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3299)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3299 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Oracle Linux 9 : skopeo (ELSA-2024-1149)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1149 advisory. 2:1.13.3-4 - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) Tenable has...
GitLab 1.0 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39899)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE, an attacker with physical access to a user's machine may brute force the user's password via the change password function. There is a rate limit in place, but the atta...
GitLab 14.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39919)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user...
AlmaLinux 8 : avahi (ALSA-2023:7836)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7836 advisory. - A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not...
SUSE SLES15 Security Update : util-linux (SUSE-SU-2023:4512-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4512-1 advisory. - In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint...
SAP NetWeaver AS ABAP Information Disclosure (3362849)
SAP NetWeaver Application Server ABAP and ABAP Platform are affected by an information disclosure vulnerability. Under certain conditions SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to access unintended data due to a lack of applied restrictions, which may lead to low...
NewStart CGSL MAIN 6.06 : c-ares Vulnerability (NS-SA-2023-0136)
The remote NewStart CGSL host, running version MAIN 6.06, has c-ares packages installed that are affected by a vulnerability: - c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet wit...
Fedora 39 : tacacs (2023-96c21ed09c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-96c21ed09c advisory. Update to git snapshot 4fdf178 for CVE-2023-45239; Fixes: RHBZ2242402 Tenable has extracted the preceding description block directly from the Fedora security...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-3945-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3945-1 advisory. It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary...
CBL Mariner 2.0 Security Update: edk2 / hvloader / nodejs18 / openssl (CVE-2023-0464)
The version of edk2 / hvloader / nodejs18 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0464 advisory. - A security vulnerability has been identified in all supported versions of OpenS...
FreeBSD : redis -- Possible bypassing ACL configuration (6c72b13f-4d1d-11ee-a7f1-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6c72b13f-4d1d-11ee-a7f1-080027f5fec9 advisory. - Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed...
Amazon Linux 2023 : nerdctl (ALAS2023-2023-313)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-313 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...