Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f9e459c893 advisory.

    Automatic update for python-notebook-6.4.11-3.fc37.

    ##### **Changelog**

    ```
    * Wed Jul 13 2022 Miro Hronok <mhroncok@redhat.com> - 6.4.11-3
    - Fix CVE-2022-24785 and CVE-2022-31129 in bundled moment
    - Fixes: rhbz#2075263

    ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98190 advisory.

  - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path     traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1,     especially if a user-provided locale string is directly used to switch moment locale. This problem is     patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the     user-provided locale name before passing it to Moment.js. (CVE-2022-24785)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - Moment.js: Path traversal  in moment.locale (CVE-2022-24785)

  - ansi-regex is vulnerable to Inefficient Regular Expression Complexity (CVE-2021-3807)

  - Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may     cause catastrophic backtracking against some strings and lead to a regular expression denial of service     (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a     worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid     running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit     to prevent draining resources. (CVE-2022-21680)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory.

  - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet     side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending     highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As     a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but     there is no workaround to protect Eventlet process. (CVE-2021-21419)

  - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling     the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute     allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS     code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
    (CVE-2021-28957)

  - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path     traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1,     especially if a user-provided locale string is directly used to switch moment locale. This problem is     patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the     user-provided locale name before passing it to Moment.js. (CVE-2022-24785)

  - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected     versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date     parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2)     complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k     characters. Users who pass user-provided strings without sanity length checks to moment constructor are     vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected     versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider     limiting date lengths accepted from user input. (CVE-2022-31129)

  - A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an     insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check     if an IP address is invalid before making DBS requests allowing rebinding attacks. (CVE-2022-32212)

  - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands     discovered in the system mailcap file. This may allow attackers to inject shell commands into applications     that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or     arguments). The fix is also back-ported to 3.7, 3.8, 3.9 (CVE-2015-20107)

  - There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker     who is able to supply a crafted file to be processed by an application linked with the affected     functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to     application availability, with some potential impact to confidentiality and integrity if an attacker is     able to use memory information to further exploit the application. (CVE-2021-3517)

  - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while     parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery     mode and post-validated, the flaw could be used to crash the application. The highest threat from this     vulnerability is to system availability. (CVE-2021-3537)

  - There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to     be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact     from this flaw is to confidentiality, integrity, and availability. (CVE-2021-3518)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3256575fc8 advisory.

    Automatic update for python-notebook-7.0.0-1.fc39.

    ##### **Changelog**

    ```
    * Thu Jul 20 2023 Lumir Balhar <lbalhar@redhat.com> - 7.0.0-1
    - Update to 7.0.0 (rhbz#2224039)
    * Mon Jul 10 2023 Lumir Balhar <lbalhar@redhat.com> - 7.0.0rc2-1
    - Update to 7.0.0 RC2
    * Mon Jul 10 2023 Miro Hronok <miro@hroncok.cz> - 7.0.0b3-3
    - Workaround a possible Python 3.12 regression in importlib.resources
    * Tue Jul  4 2023 Python Maint <python-maint@redhat.com> - 7.0.0b3-2
    - Rebuilt for Python 3.12
    * Thu Jun  1 2023 Lumir Balhar <lbalhar@redhat.com> - 7.0.0b3-1
    - Update to 7.0.0 beta 3 (rhbz#2184443)
    * Wed Mar 29 2023 Lumir Balhar <lbalhar@redhat.com> - 7.0.0a18-1
    - Update to 7.0.0a18 (rhbz#2181597)
    * Wed Mar 22 2023 Lumir Balhar <lbalhar@redhat.com> - 7.0.0a17-1
    - Update to 7.0.0 alpha 17 (rhbz#2178583)
    * Fri Mar 10 2023 Lumir Balhar <lbalhar@redhat.com> - 7.0.0a15-1
    - Update to 7.0.0a15
    * Mon Mar  6 2023 Lumr Balhar <lbalhar@redhat.com> - 6.5.3-1
    - Update to 6.5.3 (rhbz#2062405)
    * Wed Feb  1 2023 Lumr Balhar <lbalhar@redhat.com> - 6.5.2-1
    - Update to 6.5.2 (#2062405)
    * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.12-2
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
    * Wed Aug  3 2022 Karolina Surma <ksurma@redhat.com> - 6.4.12-1
    - Update to 6.4.12
    * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.11-4
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
    * Wed Jul 13 2022 Miro Hronok <mhroncok@redhat.com> - 6.4.11-3
    - Fix CVE-2022-24785 and CVE-2022-31129 in bundled moment
    - Fixes: rhbz#2075263
    * Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 6.4.11-2
    - Rebuilt for Python 3.11
    * Mon May 30 2022 Miro Hronok <mhroncok@redhat.com> - 6.4.11-1
    - Update to 6.4.11
    * Tue Mar 22 2022 Miro Hronok <mhroncok@redhat.com> - 6.4.10-1
    - Update to 6.4.10
    * Tue Jan 25 2022 Miro Hronok <mhroncok@redhat.com> - 6.4.8-1
    - Update to 6.4.8
    - Fixes: rhbz#2045852
    * Tue Jan 25 2022 Miro Hronok <mhroncok@redhat.com> - 6.4.7-1
    - Update to 6.4.7
    - Fixes: rhbz#2039905
    * Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.6-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
    * Mon Nov 29 2021 Karolina Surma <ksurma@redhat.com> - 6.4.6-2
    - Remove -s from Python shebang in `jupyter-*` executables       to let Jupyter see pip installed extensions
    * Wed Nov 24 2021 Karolina Surma <ksurma@redhat.com> - 6.4.6-1
    - Update to 6.4.6     Resolves: rhbz#2023994
    * Tue Oct 26 2021 Lumr Balhar <lbalhar@redhat.com> - 6.4.5-1
    - Update to 6.4.5     Resolves: rhbz#2004590
    * Wed Aug 11 2021 Tomas Hrnciar <thrnciar@redhat.com> - 6.4.3-1
    - Update to 6.4.3
    - Fixes: rhbz#1990615
    - Fixes: rhbz#1992573
    * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.4.0-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

    ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1044 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On     7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):
    * keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
    * Moment.js: Path traversal in moment.locale (CVE-2022-24785)
    * keycloak: missing email notification template allowlist (CVE-2022-1274)
    * keycloak: minimist: prototype pollution (CVE-2021-44906)
    * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations     (CVE-2022-2764)
    * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
    * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
    * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
    * keycloak: path traversal via double URL encoding (CVE-2022-3782)
    * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode     (CVE-2022-38749)
    * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
    * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject     (CVE-2022-38750)
    * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
    * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
    * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
    * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
    * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
    * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
    * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip     (CVE-2018-14042)
    * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError     which may lead to dos (CVE-2022-45693)
    * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
    * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
    * jettison: parser crash by stackoverflow (CVE-2022-40149)
    * jackson-databind: use of deeply nested arrays (CVE-2022-42004)
    * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
    * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
    * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code     execution (CVE-2020-11023)
    * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
    * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution,     or property injection (CVE-2019-11358)
    * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
    * keycloak: reflected XSS attack (CVE-2022-4137)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1043 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On     7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
    * Moment.js: Path traversal in moment.locale (CVE-2022-24785)
    * keycloak: missing email notification template allowlist (CVE-2022-1274)
    * keycloak: minimist: prototype pollution (CVE-2021-44906)
    * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations     (CVE-2022-2764)
    * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
    * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
    * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
    * keycloak: path traversal via double URL encoding (CVE-2022-3782)
    * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode     (CVE-2022-38749)
    * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
    * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject     (CVE-2022-38750)
    * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
    * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
    * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
    * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
    * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
    * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
    * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip     (CVE-2018-14042)
    * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError     which may lead to dos (CVE-2022-45693)
    * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
    * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
    * jettison: parser crash by stackoverflow (CVE-2022-40149)
    * jackson-databind: use of deeply nested arrays (CVE-2022-42004)
    * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
    * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
    * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code     execution (CVE-2020-11023)
    * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
    * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution,     or property injection (CVE-2019-11358)
    * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
    * keycloak: reflected XSS attack (CVE-2022-4137)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1045 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.2 on RHEL 9 serves as a replacement for Red Hat Single Sign-On     7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
    * Moment.js: Path traversal in moment.locale (CVE-2022-24785)
    * keycloak: missing email notification template allowlist (CVE-2022-1274)
    * keycloak: minimist: prototype pollution (CVE-2021-44906)
    * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations     (CVE-2022-2764)
    * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
    * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
    * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
    * keycloak: path traversal via double URL encoding (CVE-2022-3782)
    * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode     (CVE-2022-38749)
    * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
    * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject     (CVE-2022-38750)
    * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
    * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
    * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
    * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
    * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
    * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
    * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip     (CVE-2018-14042)
    * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError     which may lead to dos (CVE-2022-45693)
    * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
    * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
    * jettison: parser crash by stackoverflow (CVE-2022-40149)
    * jackson-databind: use of deeply nested arrays (CVE-2022-42004)
    * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
    * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
    * jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code     execution (CVE-2020-11023)
    * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
    * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution,     or property injection (CVE-2019-11358)
    * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
    * keycloak: reflected XSS attack (CVE-2022-4137)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3295 advisory.

  - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path     traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1,     especially if a user-provided locale string is directly used to switch moment locale. This problem is     patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the     user-provided locale name before passing it to Moment.js. (CVE-2022-24785)

  - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected     versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date     parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2)     complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k     characters. Users who pass user-provided strings without sanity length checks to moment constructor are     vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected     versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider     limiting date lengths accepted from user input. (CVE-2022-31129)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 6.2.0. It is, therefore, affected by multiple vulnerabilities in third-party software. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues.
Nessus Network Monitor 6.2.0 updates moment.js to version 2.29.4 and handlebars to version 4.7.7 to address the identified vulnerabilities.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0076 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    Security Fix(es):

    * Moment.js: Path traversal  in moment.locale (CVE-2022-24785)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    This update also fixes several bugs and adds various enhancements. Documentation for these changes is     available from the Release Notes document linked to in the References section.

    Bug Fix(es)

    These new packages include numerous bug fixes and enhancements. Space precludes documenting all of these     changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on     the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

    All users of Red Hat Ceph Storage are advised to upgrade to these updated packages that provide numerous     enhancements and bug fixes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.3.1. It is, therefore, affected by multiple vulnerabilities, including:

  - A use-after-free vulnerability in the doContent function in xmlparse.c in libexpat. (CVE-2022-40674)

  - A path traversal vulnerability in the locale string handling functionality of Moment.js. (CVE-2022-24785)

  - A denial of service vulnerability in the string-to-date parsing functinality in Moment.js (CVE-2022-31129)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6272 advisory.

    Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for     installation into an OpenShift Container Platform installation.

    This advisory covers the RPM packages for the release.

    Security Fix(es):

    * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    * Moment.js: Path traversal in moment.locale (CVE-2022-24785)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6277 advisory.

    Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for     installation into an OpenShift Container Platform installation.

    This advisory covers the RPM packages for the release.

    Security Fix(es):

    * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
    * moment: Moment.js: Path traversal in moment.locale (CVE-2022-24785)
    * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
    * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
    * golang: syscall: faccessat checks wrong group (CVE-2022-29526)
    * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5559-1 advisory.

    It was discovered that Moment.js incorrectly handled certain input paths. An

    attacker could possibly use this issue to cause a loss of integrity by

    changing the correct path to one of their choice. (CVE-2022-24785)

    It was discovered that Moment.js incorrectly handled certain input. An attacker

    could possibly use this issue to cause a denial of service. (CVE-2022-31129)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4918 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss     Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes     and enhancements included in this release.

    Security Fix(es):

    * h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)

    * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

    * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)

    * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an     unnecessary way (CVE-2021-37137)

    * h2: Remote Code Execution in Console (CVE-2021-42392)

    * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

    * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)

    * wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security     enabled (CVE-2022-0866)

    * undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)

    * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)     (CVE-2022-21299)

    * mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network     access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)

    * xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)

    * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)

    * Moment.js: Path traversal in moment.locale (CVE-2022-24785)

    * jboss-client: memory leakage in remote client transaction (CVE-2022-0853)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4919 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss     Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes     and enhancements included in this release.

    Security Fix(es):

    * h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)

    * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

    * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)

    * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an     unnecessary way (CVE-2021-37137)

    * h2: Remote Code Execution in Console (CVE-2021-42392)

    * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

    * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)

    * wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security     enabled (CVE-2022-0866)

    * undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)

    * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)     (CVE-2022-21299)

    * mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network     access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)

    * xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)

    * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)

    * Moment.js: Path traversal in moment.locale (CVE-2022-24785)

    * jboss-client: memory leakage in remote client transaction (CVE-2022-0853)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211241	Fedora 37 : python-notebook (2022-f9e459c893)	Nessus	Fedora Local Security Checks	high
209237	Atlassian Confluence 7.19.x < 7.19.26 (CONFSERVER-98190)	Nessus	CGI abuses	high
202217	RHEL 8 : ceph (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
194924	Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)	Nessus	CGI abuses	high
185336	Fedora 39 : python-notebook (2023-3256575fc8)	Nessus	Fedora Local Security Checks	high
172042	RHEL 8 : Red Hat Single Sign-On 7.6.2 security update on RHEL 8 (Important) (RHSA-2023:1044)	Nessus	Red Hat Local Security Checks	critical
172041	RHEL 7 : Red Hat Single Sign-On 7.6.2 security update on RHEL 7 (Important) (RHSA-2023:1043)	Nessus	Red Hat Local Security Checks	critical
172039	RHEL 9 : Red Hat Single Sign-On 7.6.2 security update on RHEL 9 (Important) (RHSA-2023:1045)	Nessus	Red Hat Local Security Checks	critical
170880	Debian DLA-3295-1 : node-moment - LTS security update	Nessus	Debian Local Security Checks	high
170688	Nessus Network Monitor < 6.2.0 Multiple Vulnerabilities (TNS-2022-28)	Nessus	Misc.	critical
169920	RHEL 8 / 9 : Red Hat Ceph Storage 5.3 security update and Bug Fix (Moderate) (RHSA-2023:0076)	Nessus	Red Hat Local Security Checks	high
166600	Tenable Nessus 10.x < 10.3.1 Multiple Vulnerabilities (TNS-2022-20)	Nessus	Misc.	critical
164616	RHEL 8 : Red Hat OpenShift Service Mesh 2.0.11 (RHSA-2022:6272)	Nessus	Red Hat Local Security Checks	high
164615	RHEL 8 : Red Hat OpenShift Service Mesh 2.1.5 (RHSA-2022:6277)	Nessus	Red Hat Local Security Checks	high
164015	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Moment.js vulnerabilities (USN-5559-1)	Nessus	Ubuntu Local Security Checks	high
161911	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 (Moderate) (RHSA-2022:4918)	Nessus	Red Hat Local Security Checks	critical
161910	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8 (Moderate) (RHSA-2022:4919)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2022-24785

high

Tenable Plugins

high

high

high

high

high

critical

critical

critical

high

critical

high

critical

high

high

high

critical

critical