AlmaLinux 9 : kernel (ALSA-2025:8333)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:8333 advisory. kernel: Use after Free in grusetcontextoption leading to kernel panic CVE-2022-3424 kernel: ndisc: use RCU protection in ndiscallocskb CVE-2025-21764...

SEO Automatic Seo Tools Plugin for WordPress Cross-Site Scripting

The WordPress SEO Automatic Seo Tools Plugin installed on the remote host is affected by a Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

Mastodon < 4.1.17 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.17 or 4.2.x prior to 4.2.9. It is, therefore, affected by multiples vulnerabilities : - Private mention filtering can be bypassed - Missing rate-limit to password change endpoint -...

Apple iOS < 18.1 Multiple Vulnerabilities (121563)

Binary data appleios181check.nbin...

Amazon Corretto Java 17.x < 17.0.13.11.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is prior to 17 17.0.13.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2024-Oct-15 advisory. - core-libs/java.net CVE-2024-21208 - hotspot/compiler CVE-2024-21210, CVE-2024-21235 -...

Amazon Corretto Java 11.x < 11.0.25.9.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is prior to 11 11.0.25.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2024-Oct-15 advisory. - core-libs/java.net CVE-2024-21208 - hotspot/compiler CVE-2024-21210, CVE-2024-21235 -...

GLSA-202408-11 : aiohttp: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202408-11 aiohttp: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)

Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...

RHEL 7 : dovecot (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dovecot: IMAP hibernation function allows mail access CVE-2020-24386 - dovecot: Privilege escalation when...

RHEL 5 : java-1.4.2-ibm-sap (RHSA-2011:1265)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1265 advisory. - IBM JDK Class file parsing denial-of-service CVE-2011-0311 - Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 Sound CVE-2011-0802...

Apple iOS < 17.4.1 Vulnerability (HT214097)

Binary data appleios1741check.nbin...

WordPress 4.7.x < 4.7.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

WordPress 6.3.x < 6.3.3 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

Webmin < 1.997 Remote Code Execution

According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.997. It is, therefore, affected by a Remote Code Execution Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...

Webmin < 2.003 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.003. It is, therefore, affected by a multiples vulnerabilities : - A Cross-Site Scripting via the Cluster Cron Job tab Input field - A Cross-Site Scripting in an unknown function of the file...

Kibana 7.8.0 < 7.15.2 Multiple Vulnerabilities

According to its self-reported version number, the Kibana application running on the remote host is 7.8.0 prior to 7.15.2. It is, therefore, affected by : - Path Traversal on Windows operating systems specifically CVE-2021-37938 - Information Disclosure in Kibana's JIRA connector & IBM Resilient...

Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory. - Use after free in CSS. CVE-2022-3304 - Use after free in Media. CVE-2022-3307 - Insufficient policy...

WordPress 4.5.x < 4.5.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists via wpfilterglobalstylespost. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...

WordPress 5.2.x < 5.2.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists via wpfilterglobalstylespost. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...