Fedora 42 : flatpak-builder (2026-631b9d535c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-631b9d535c advisory. This update includes a fix for CVE-2026-39977. See also: the upstream advisory Tenable has extracted the preceding description block directly from the Fedora...

RHEL 9 : gimp (RHSA-2026:1587)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1587 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 10 : git (RHSA-2025:7482)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7482 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serv...

Oracle Linux 9 : nodejs:20 (ELSA-2025-8468)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8468 advisory. nodejs 1:20.19.2-1 - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...

Slackware Linux 15.0 / current python3 Multiple Vulnerabilities (SSA:2025-155-02)

The version of python3 installed on the remote host is prior to 3.12.11 / 3.9.23. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-155-02 advisory. New python3 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted...

Fedora 40 : matrix-synapse (2025-cef83410f7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cef83410f7 advisory. Backport fixes from v1.127.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

Schneider Electric End-of-Life Devices Detection

The current plugin identifies Schneider devices that are end-of-life, i.e., still supported but have a discontinued date announced. Schneider Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and...

Schneider Electric Discontinued Devices Detection

The current plugin identifies Schneider devices that are currently discontinued. Schneider Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last time buys. Product generally orderable until...

Oracle Linux 7 : firefox (ELSA-2024-6838)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-6838 advisory. 128.2.0-1.0.1 - Remove nomerge annotation from abort calls Orabug: 37079143 - Update to 128.2.0 Orabug: 37079143 Tenable has extracted the preceding...

RHEL 9 : python3.9 (RHSA-2024:8446)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8446 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2024:3733-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3733-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not...

SUSE SLES15 Security Update : kernel RT (Live Patch 15 for SLE 15 SP5) (SUSE-SU-2024:3625-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3625-1 advisory. This update for the Linux Kernel 5.14.21-1505001355 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2024:3628-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3628-1 advisory. This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potentia...

Qnap QTS OS Command Injection (CVE-2023-39294)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...

Qnap QTS Command Injection (CVE-2017-7876)

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions. This plugin only works with Tenable.ot. Please visit...

Qnap QTS OS Command Injection (CVE-2024-38641)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...

Amazon Linux 2 : unbound (ALASUNBOUND-2024-003)

The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-003 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-735)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-735 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2024-730)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-730 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2024-729)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-729 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However...