The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8678 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5790 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5790-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     October 13, 2024                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : node-dompurify     CVE ID         : CVE-2024-47875

    It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was     susceptible to nesting-based mXSS.

    For the stable distribution (bookworm), this problem has been fixed in     version 2.4.1+dfsg+~2.4.0-2.

    We recommend that you upgrade your node-dompurify packages.

    For the detailed security status of node-dompurify please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/node-dompurify

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9473 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can     cause a panic due to stack exhaustion (CVE-2024-34156)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9473 advisory.

    * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can     cause a panic due to stack exhaustion (CVE-2024-34156)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8678 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9473 advisory.

    - Resolves RHEL-62308: CVE-2024-47875

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Solarwinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes.

  - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does     not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as     demonstrated by nesting of FORM elements. (CVE-2020-26870)

  - SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires     the software be installed on Linux and configured to use non-default development/test mode making exposure     to the vulnerability very limited. (CVE-2024-45709)

  - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been     discovered that malicious HTML using special nesting techniques can bypass the depth checking added to     DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.
    This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed     in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds     for this vulnerability. (CVE-2024-45801)

  - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was     vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. (CVE-2024-47875)

  - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was     vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. (CVE-2024-48910)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8327 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8327 advisory.

    - Resolves RHEL-62307: CVE-2024-47875

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8327 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8678 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
      * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8327 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8678 advisory.

    - Resolves RHEL-62309: CVE-2024-47875

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4048 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4048-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     February 10, 2025                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : cacti     Version        : 1.2.16+ds1-2+deb11u5     CVE ID         : CVE-2024-43362 CVE-2024-43363 CVE-2024-43364 CVE-2024-43365                      CVE-2024-45598 CVE-2024-47875 CVE-2024-48910 CVE-2024-54145                      CVE-2025-22604 CVE-2025-24367 CVE-2025-24368


    Multiple security vulnerabilities have been discovered in Cacti, a web     interface for graphing of monitoring systems, which could result in     cross-site scripting, SQL injection, or command injection.

    For Debian 11 bullseye, these problems have been fixed in version     1.2.16+ds1-2+deb11u5.

    We recommend that you upgrade your cacti packages.

    For the detailed security status of cacti please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/cacti

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
209914	RHEL 9 : grafana (RHSA-2024:8678)	Nessus	Red Hat Local Security Checks	10/30/2024	3/10/2025	critical
208927	Debian dsa-5790 : node-dompurify - security update	Nessus	Debian Local Security Checks	10/13/2024	10/13/2024	critical
210841	RHEL 9 : grafana (RHSA-2024:9473)	Nessus	Red Hat Local Security Checks	11/12/2024	3/6/2025	critical
232879	RockyLinux 9 : grafana (RLSA-2024:9473)	Nessus	Rocky Linux Local Security Checks	3/19/2025	3/19/2025	critical
210617	RockyLinux 9 : grafana (RLSA-2024:8678)	Nessus	Rocky Linux Local Security Checks	11/8/2024	3/10/2025	critical
211664	Oracle Linux 9 : grafana (ELSA-2024-9473)	Nessus	Oracle Linux Local Security Checks	11/20/2024	1/24/2025	critical
213005	SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities	Nessus	CGI abuses	12/13/2024	3/21/2025	medium
209522	RHEL 8 : grafana (RHSA-2024:8327)	Nessus	Red Hat Local Security Checks	10/22/2024	3/10/2025	critical
209540	Oracle Linux 8 : grafana (ELSA-2024-8327)	Nessus	Oracle Linux Local Security Checks	10/23/2024	3/10/2025	critical
209691	RockyLinux 8 : grafana (RLSA-2024:8327)	Nessus	Rocky Linux Local Security Checks	10/25/2024	3/10/2025	critical
210138	AlmaLinux 9 : grafana (ALSA-2024:8678)	Nessus	Alma Linux Local Security Checks	11/4/2024	3/10/2025	critical
209563	AlmaLinux 8 : grafana (ALSA-2024:8327)	Nessus	Alma Linux Local Security Checks	10/23/2024	3/10/2025	critical
210015	Oracle Linux 9 : grafana (ELSA-2024-8678)	Nessus	Oracle Linux Local Security Checks	10/31/2024	3/10/2025	critical
216095	Debian dla-4048 : cacti - security update	Nessus	Debian Local Security Checks	2/11/2025	4/18/2025	high

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

medium

critical

critical

critical

critical

critical

critical

high