The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8678 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5790 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5790-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     October 13, 2024                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : node-dompurify     CVE ID         : CVE-2024-47875

    It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was     susceptible to nesting-based mXSS.

    For the stable distribution (bookworm), this problem has been fixed in     version 2.4.1+dfsg+~2.4.0-2.

    We recommend that you upgrade your node-dompurify packages.

    For the detailed security status of node-dompurify please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/node-dompurify

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9473 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can     cause a panic due to stack exhaustion (CVE-2024-34156)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8327 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8678 advisory.

    - Resolves RHEL-62309: CVE-2024-47875

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9473 advisory.

    - Resolves RHEL-62308: CVE-2024-47875

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8678 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8327 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8327 advisory.

    - Resolves RHEL-62307: CVE-2024-47875

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8327 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8678 advisory.

    * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
      * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
209914	RHEL 9 : grafana (RHSA-2024:8678)	Nessus	Red Hat Local Security Checks	10/30/2024	11/5/2024	medium
208927	Debian dsa-5790 : node-dompurify - security update	Nessus	Debian Local Security Checks	10/13/2024	10/13/2024	critical
210841	RHEL 9 : grafana (RHSA-2024:9473)	Nessus	Red Hat Local Security Checks	11/12/2024	11/12/2024	critical
209563	AlmaLinux 8 : grafana (ALSA-2024:8327)	Nessus	Alma Linux Local Security Checks	10/23/2024	10/23/2024	medium
210015	Oracle Linux 9 : grafana (ELSA-2024-8678)	Nessus	Oracle Linux Local Security Checks	10/31/2024	10/31/2024	medium
211664	Oracle Linux 9 : grafana (ELSA-2024-9473)	Nessus	Oracle Linux Local Security Checks	11/20/2024	11/20/2024	critical
210617	RockyLinux 9 : grafana (RLSA-2024:8678)	Nessus	Rocky Linux Local Security Checks	11/8/2024	11/8/2024	medium
209522	RHEL 8 : grafana (RHSA-2024:8327)	Nessus	Red Hat Local Security Checks	10/22/2024	11/5/2024	medium
209540	Oracle Linux 8 : grafana (ELSA-2024-8327)	Nessus	Oracle Linux Local Security Checks	10/23/2024	10/23/2024	medium
209691	RockyLinux 8 : grafana (RLSA-2024:8327)	Nessus	Rocky Linux Local Security Checks	10/25/2024	10/25/2024	medium
210138	AlmaLinux 9 : grafana (ALSA-2024:8678)	Nessus	Alma Linux Local Security Checks	11/4/2024	11/4/2024	medium

Detections

Analytics

Plugins Search

medium

critical

critical

medium

medium

critical

medium

medium

medium

medium

medium