The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d32fd0e2d1 advisory.

    This update fixes CVE-2024-55565 by updating the vendored JavaScript to include a version of nanoid     without the security issue.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-01e170c1ac advisory.

    This update fixes CVE-2024-55565 by updating the vendored JavaScript to include a version of nanoid     without the security issue.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4003 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4003-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     December 26, 2024                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : node-postcss     Version        : 8.2.1+~cs5.3.23-8+deb11u1     CVE ID         : CVE-2021-23566 CVE-2023-44270 CVE-2024-55565     Debian Bug     : 1053282

    Multiple vulnerabilities were fixed in node-postcss a     tool for transforming styles with JS plugins.

    CVE-2021-23566

        nanoid package is vulnerable to Information Exposure via the         valueOf() function which allows to reproduce the last id generated.

    CVE-2023-44270

        The vulnerability affects linters using PostCSS to parse external         untrusted CSS. An attacker can prepare CSS in such a way that it will         contains parts parsed by PostCSS as a CSS comment. After processing         by PostCSS, it will be included in the PostCSS output in CSS nodes         (rules, properties) despite being included in a comment.

    CVE-2024-55565

        nanoid package mishandles non-integer values of size parameter.

    For Debian 11 bullseye, these problems have been fixed in version     8.2.1+~cs5.3.23-8+deb11u1.

    We recommend that you upgrade your node-postcss packages.

    For the detailed security status of node-postcss please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/node-postcss

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c17ef0f176 advisory.

    **phpMyAdmin 5.2.2 is released**

    Welcome to the release of phpMyAdmin version 5.2.2, the I should have released this sooner release. This     is primarily a bugfix release but also contains a few security fixes as noted below.

    *    fix possible security issue in sql-parser which could cause long execution times that could create a     DOS attack (thanks to Maximilian Krg)
    *    fix an XSS vulnerability in the check tables feature (**PMASA-2025-1**, thanks to bluebird)
    *    fix an XSS vulnerability in the Insert tab (**PMASA-2025-2**, thanks to frequent contributor Kamil     Tekiela)
    *    fix possible security issue with library code slim/psr7 (**CVE-2023-30536**)
    *    fix possible security issue relating to iconv (**CVE-2024-2961, PMASA-2025-3**)
    *    fix a full path disclosure in the Monitoring tab
    *    issue #18268 Fix UI issue the theme manager is disabled
    *    issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
    *    issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
    *    issue #18106 Fix renaming database with a view
    *    issue #18120 Fix bug with numerical tables during renaming database
    *    issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin     4.2.0
    *    issue #18258 Speed improvements when exporting a database
    *    issue #18769 Improved collations support for MariaDB 10.10

    There are many, many more fixes that you can see in the ChangeLog file included with this release or     [online](https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_2_2/ChangeLog)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-cd98f29570 advisory.

    Update to 4.3.3 (rhbz#2331357)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0c952fc516 advisory.

    Update to 4.3.3 (rhbz#2331357)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4013 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4013-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     January 11, 2025                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : node-mocha     Version        : 8.2.1+ds1+~cs29.4.27-3+deb11u1     CVE ID         : CVE-2021-23566 CVE-2024-55565     Debian Bug     :

    mocha a javascript test framework was affected by two     vulnerabilities in nanoid component.


    CVE-2021-23566

        nanoid package is vulnerable to Information Exposure via the         valueOf() function which allows to reproduce the last id generated.


    CVE-2024-55565

        nanoid package mishandles non-integer values of size parameter.

    For Debian 11 bullseye, these problems have been fixed in version     8.2.1+ds1+~cs29.4.27-3+deb11u1.

    We recommend that you upgrade your node-mocha packages.

    For the detailed security status of node-mocha please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/node-mocha

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ccb6313749 advisory.

    Fix CVE-2024-55565.

    ----

    Update to 3.40.5.

    ----

    Update to 3.40.4.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0340 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):
    * automation-controller: Potential SQL injection in HasKey(lhs, rhs) on Oracle (CVE-2024-53908)
    * automation-controller: Potential denial-of-service in django.utils.html.strip_tags() (CVE-2024-53907)
    * automation-controller: Denial of Service through Data corruption in gRPC-C++ (CVE-2024-11407)
    * automation-gateway: nanoid mishandles non-integer values (CVE-2024-55565)
    * python3.11-aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions     (CVE-2024-52304)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes included:

    Platform
    * Fixed 'not found' error that occurred occasionally when navigating form wizards (AAP-37495)
    * Fixed an issue where ID_KEY attribute was improperly used to determine the username field in social auth     pipelines (AAP-38300)
    * Fixed an issue where the X-DAB-JW-TOKEN header message would flood logs (AAP-38169)
    * Fixed an issue where authenticator could create a userid and return a non-viable authenticator_uid     (AAP-38021)
    * Enhanced the status API, /api/gateway/v1/status/, from the services property within the JSON to an array     (AAP-37903)
    * Fixes an issue where a private key was displayed in plain text when downloading the OpenAPI schema file.
    NOTE: This was not the private key used by gateway, just a random default key (AAP-37843)

    Automation controller
    * Added 'job_lifecycle' as a choice in loggers to send externally and added 'organization_id' field to     logs related to a job (AAP-37537)
    * Fixed date comparison mismatch for traceback from 'host_metric_summary_monthly' task (AAP-37487)
    * Fixed scheduled jobs with count set to a non-zero value to no longer run unexpectedly (AAP-37290)
    * Fixed the POST operation to '/api/controller/login/' via gateway to no longer result in a fatal error     (AAP-37235)
    * Fixed the behavior of the project's 'requirements.yml' to no longer revert to a prior state in a cluster     (AAP-37228)
    * Fixed occasional error while creating event partition table before starting a job, when lots of jobs are     launched quickly (AAP-37227)
    * Fixed the named URL to no longer return a 404 error code while launching a job template (AAP-37025)
    * Updated receptor to clean up temporary receptor files after a job completes on nodes (AAP-36904)
    * Fixed the POST operation to '/api/controller/login/' via gateway to no longer result in a fatal error     (AAP-33911)
    * automation-controller has been updated to 4.6.6

    Container-based Ansible Automation Platform
    * Fixed an issue where the provided inventory file sample for growth inventories could cause the     installation to stall on low resource systems (AAP-38372)
    * Fixed an issue where the throttle capacity of controller in growth topology installation would allow for     performance degradation (AAP-38207)
    * Fixed an issue where the receptor TLS certificate content was not validated during the preflight role     execution ensuring that the x509 Subject Alt Name (SAN) field contains the required ISO Object Identifier     (OID) (AAP-37880)
    * TLS certificate and key files are now validated during the preflight role execution (AAP-37845)
    * Fixed an issue where the Postgresql SSL mode variables were not validated during the preflight role     execution (AAP-37352)
    * containerized installer setup has been updated to 2.5-8

    RPM-based Ansible Automation Platform
    * Fixed an issue where adding a new automation hub host to upgraded environment has caused the     installation to fail (AAP-38204)
    * Fixed an issue where the link to the documents in the installer README.md was broken (AAP-37627)
    * Updated nginx configuration to properly return API status for Event-Driven Ansible event stream service     (AAP-32816)
    * ansible-automation-platform-installer and installer setup have been updated to 2.5-7

    Additional changes:
    * Installing ansible-core no longer installs python3-jmespath on RHEL 8 (AAP-18251)
    * ansible-core has been updated to 2.16.14-2
    * automation-gateway has been updated to 2.5.20250115
    * python3.11-aiohttp has been updated to 3.10.11 along with its dependencies
    * python3.11-django-ansible-base has been updated to 2.5.20250115
    * python3.11-galaxy-importer has been updated to 0.4.27
    * python3.11-pulpcore has been updated to 3.49.29

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
    (CVE-2024-55565)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4b8ab3834c advisory.

    **phpMyAdmin 5.2.2 is released**

    Welcome to the release of phpMyAdmin version 5.2.2, the I should have released this sooner release. This     is primarily a bugfix release but also contains a few security fixes as noted below.

    *    fix possible security issue in sql-parser which could cause long execution times that could create a     DOS attack (thanks to Maximilian Krg)
    *    fix an XSS vulnerability in the check tables feature (**PMASA-2025-1**, thanks to bluebird)
    *    fix an XSS vulnerability in the Insert tab (**PMASA-2025-2**, thanks to frequent contributor Kamil     Tekiela)
    *    fix possible security issue with library code slim/psr7 (**CVE-2023-30536**)
    *    fix possible security issue relating to iconv (**CVE-2024-2961, PMASA-2025-3**)
    *    fix a full path disclosure in the Monitoring tab
    *    issue #18268 Fix UI issue the theme manager is disabled
    *    issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
    *    issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling
    *    issue #18106 Fix renaming database with a view
    *    issue #18120 Fix bug with numerical tables during renaming database
    *    issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin     4.2.0
    *    issue #18258 Speed improvements when exporting a database
    *    issue #18769 Improved collations support for MariaDB 10.10

    There are many, many more fixes that you can see in the ChangeLog file included with this release or     [online](https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_5_2_2/ChangeLog)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
213232	Fedora 40 : python-nbdime (2024-d32fd0e2d1)	Nessus	Fedora Local Security Checks	12/19/2024	12/19/2024	medium
213236	Fedora 41 : python-nbdime (2024-01e170c1ac)	Nessus	Fedora Local Security Checks	12/19/2024	12/19/2024	medium
213394	Debian dla-4003 : node-postcss - security update	Nessus	Debian Local Security Checks	12/26/2024	12/26/2024	medium
214840	Fedora 40 : phpMyAdmin (2025-c17ef0f176)	Nessus	Fedora Local Security Checks	1/31/2025	2/3/2025	medium
213284	Fedora 40 : jupyterlab (2024-cd98f29570)	Nessus	Fedora Local Security Checks	12/20/2024	12/20/2024	medium
213298	Fedora 41 : jupyterlab (2024-0c952fc516)	Nessus	Fedora Local Security Checks	12/20/2024	12/20/2024	medium
213988	Debian dla-4013 : mocha - security update	Nessus	Debian Local Security Checks	1/11/2025	1/11/2025	medium
233632	Fedora 41 : qgis (2025-ccb6313749)	Nessus	Fedora Local Security Checks	4/1/2025	4/1/2025	medium
214232	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:0340)	Nessus	Red Hat Local Security Checks	1/15/2025	1/15/2025	medium
231975	Linux Distros Unpatched Vulnerability : CVE-2024-55565	Nessus	Misc.	3/6/2025	3/6/2025	medium
214839	Fedora 41 : phpMyAdmin (2025-4b8ab3834c)	Nessus	Fedora Local Security Checks	1/31/2025	2/3/2025	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium