The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory.

  - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically     evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used     to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the     interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances     included interpolators that could result in arbitrary code execution or contact with remote servers. These     lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns
    - resolve dns records - url - load values from urls, including from remote servers Applications using     the interpolation defaults in the affected versions may be vulnerable to remote code execution or     unintentional contact with remote servers if untrusted configuration values are used. Users are     recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators     by default. (CVE-2022-33980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics   (component: Analytics Server (Apache Spark)). The supported version that is affected is 6.4.0.0.0. Easily   exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle   Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence   Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks   of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.
  (CVE-2023-22946)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics   (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily   exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle   Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of   Oracle Business Intelligence Enterprise Edition. (CVE-2022-26612)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics   (component: Content Storage Service (Apache Commons Configuration)). Supported versions that are affected   are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network   access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this   vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)   Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:

  - Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the     SHA-1 hash of the script, making it vulnerable to collision attacks. (CVE-2022-45379)

  - Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to     clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability     exploitable by attackers with Item/Configure permission. (CVE-2022-45380)

  - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically     evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used     to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the     interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances     included interpolators that could result in arbitrary code execution or contact with remote servers. These     lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns
    - resolve dns records - url - load values from urls, including from remote servers Applications using     the interpolation defaults in the affected versions may be vulnerable to remote code execution or     unintentional contact with remote servers if untrusted configuration values are used. Users are     recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators     by default. (CVE-2022-33980)

  - Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix     interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix     interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the     Jenkins controller file system. (CVE-2022-45381)

  - Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that     were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability     exploitable by attackers able to edit build display names. (CVE-2022-45382)

  - An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows     attackers with Support/DownloadBundle permission to download a previously created support bundle     containing information limited to users with Overall/Administer permission. (CVE-2022-45383)

  - Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the     global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the     Jenkins controller file system. (CVE-2022-45384)

  - A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier     allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified     repository. (CVE-2022-45385)

  - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted     in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read     permission, or access to the Jenkins controller file system. (CVE-2022-45392)

  - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally     disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
    (CVE-2022-45391)

  - Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables     SSL/TLS certificate and hostname validation for several features. (CVE-2022-38666)

  - Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external     entity (XXE) attacks. (CVE-2022-45386)

  - Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it     on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. (CVE-2022-45387)

  - Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP     endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins     controller file system. (CVE-2022-45388)

  - A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to     trigger builds of jobs corresponding to an attacker-specified repository. (CVE-2022-45389)

  - A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with     Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. (CVE-2022-45390)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows     attackers to delete build logs. (CVE-2022-45393)

  - A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read     permission to delete build logs. (CVE-2022-45394)

  - Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE)     attacks. (CVE-2022-45395)

  - Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external     entity (XXE) attacks. (CVE-2022-45396)

  - Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to     prevent XML external entity (XXE) attacks. (CVE-2022-45397)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier     allows attackers to delete recorded Jenkins Cluster Statistics. (CVE-2022-45398)

  - A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to     delete recorded Jenkins Cluster Statistics. (CVE-2022-45399)

  - Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity     (XXE) attacks. (CVE-2022-45400)

  - Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in     a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    (CVE-2022-45401)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter     Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter     Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)

  - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:
    Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is     11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result     in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)   
  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware     (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is     affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access     via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-36090)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. 

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.
    (CVE-2018-1282)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.
    (CVE-2018-1282)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2097 advisory.

    Red Hat Satellite is a systems management tool for Linux-based     infrastructure. It allows for provisioning, remote management, and     monitoring of multiple Linux deployments with a single centralized tool.

    Security Fix(es):
    * CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 candlepin and     puppetserver: various flaws
    * CVE-2022-22577 tfm-rubygem-actionpack: rubygem-actionpack: Possible cross-site scripting vulnerability     in Action Pack
    * CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to denial of service
    * CVE-2022-23515 rubygem-loofah: rubygem-loofah: Improper neutralization of data URIs leading to Cross     Site Scripting
    * CVE-2022-23516 rubygem-loofah: Uncontrolled Recursion leading to denial of service
    * CVE-2022-23517 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Inefficient Regular     Expression leading to denial of service
    * CVE-2022-23518 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Improper neutralization     of data URIs leading to Cross site scripting
    * CVE-2022-23519 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Cross site scripting     vulnerability with certain configurations
    * CVE-2022-23520 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Cross site scripting     vulnerability with certain configurations
    * CVE-2022-27777 tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag     helpers
    * CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution
    * CVE-2022-32224 tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized     Columns in Active Record
    * CVE-2022-33980 candlepin: apache-commons-configuration2: Apache Commons Configuration insecure     interpolation defaults
    * CVE-2022-41323 satellite-capsule:el8/python-django: Potential denial-of-service vulnerability in     internationalized URLs
    * CVE-2022-41946 candlepin: postgresql-jdbc: Information leak of prepared statement data due to insecure     temporary file permissions
    * CVE-2022-42003 CVE-2022-42004 candlepin: various flaws
    * CVE-2022-42889 candlepin: apache-commons-text: variable interpolation RCE
    * CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to denial of service
    * CVE-2023-23969 python-django: Potential denial-of-service via Accept-Language headers
    * CVE-2023-24580 python-django: Potential denial-of-service vulnerability in file uploads

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    Additional Changes:

    The items above are not a complete list of changes. This update also fixes     several bugs and adds various enhancements. Documentation for these changes     is available from the Release Notes document.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter     Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter     Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. (CVE-2022-24729)

  - Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component:
    Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is     11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result     in takeover of Oracle Hyperion Infrastructure Technology. (CVE-2022-33980)

  - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large     depth of nested objects. (CVE-2020-36518)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following:

  - CVE-2022-38751 on snakeyaml (fixed train 2.346.x.0.z) (BEE-23728)

  - CVE-2022-38749 on snakeyaml (fixed train 2.346.x.0.z) (BEE-23729)

  - Remote code execution vulnerability in Pipeline Utility Steps Plugin (CVE-2022-33980)

  - SSL/TLS certificate validation unconditionally disabled by NS-ND Integration Performance Publisher Plugin     (CVE-2022-38666)

  - Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions (CVE-2022-45379)

  - Stored XSS vulnerability in JUnit Plugin (CVE-2022-45380)

  - Arbitrary file read vulnerability in Pipeline Utility Steps Plugin (CVE-2022-45381)

  - Stored XSS vulnerability in Naginator Plugin (CVE-2022-45382)

  - Incorrect permission checks in Support Core Plugin (CVE-2022-45383)

  - Password stored in plain text by Reverse Proxy Auth Plugin (CVE-2022-45384)

  - Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin     (CVE-2022-45385)

  - XXE vulnerability on agents in Violations Plugin (CVE-2022-45386)

  - Stored XSS vulnerability in BART Plugin (CVE-2022-45387)

  - Arbitrary file read vulnerability in Config Rotator Plugin (CVE-2022-45388)

  - Lack of authentication mechanism for webhook in XP-Dev Plugin (CVE-2022-45389)

  - Missing permission check in loader.io Plugin allows enumerating credentials IDs (CVE-2022-45390)

  - SSL/TLS certificate validation globally and unconditionally disabled by NS-ND Integration Performance     Publisher Plugin (CVE-2022-45391)

  - Passwords stored in plain text by NS-ND Integration Performance Publisher Plugin (CVE-2022-45392)

  - CSRF vulnerability and missing permission check in Delete log Plugin (CVE-2022-45393, CVE-2022-45394)

  - XXE vulnerability on agents in CCCC Plugin (CVE-2022-45395)

  - XXE vulnerability on agents in SourceMonitor Plugin (CVE-2022-45396)

  - XXE vulnerability on agents in OSF Builder Suite :: XML Linter Plugin (CVE-2022-45397)

  - CSRF vulnerability and missing permission check in Cluster Statistics Plugin (CVE-2022-45398,     CVE-2022-45399)

  - XXE vulnerability in JAPEX Plugin (CVE-2022-45400)

  - Stored XSS vulnerability in Associated Files Plugin (CVE-2022-45401)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2097 advisory.

  - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.
    Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using     SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend     upgrading to version 2.0 and beyond. (CVE-2022-1471)

  - An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for     non HTML like responses. (CVE-2022-22577)

  - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on     top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to     excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of     service through CPU resource consumption. This issue is patched in version 2.19.1. (CVE-2022-23514)

  - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on     top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml     media type in data URIs. This issue is patched in version 2.19.1. (CVE-2022-23515)

  - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on     top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it     susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of     service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to     upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are     sanitized. (CVE-2022-23516)

  - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain     configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible     to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of     service through CPU resource consumption. This issue has been patched in version 1.4.4. (CVE-2022-23517)

  - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >=     1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah     >= 2.1.0. This issue is patched in version 1.4.4. (CVE-2022-23518)

  - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version     1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an     attacker to inject content if the application developer has overridden the sanitizer's allowed tags in     either of the following ways: allow both math and style elements, or allow both svg and style     elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version     1.4.4. All users overriding the allowed tags to include math or svg and style should either upgrade     or use the following workaround immediately: Remove style from the overridden allowed tags, or remove     math and svg from the overridden allowed tags. (CVE-2022-23519)

  - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version     1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to     an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the     application developer has overridden the sanitizer's allowed tags to allow both select and style     elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version     1.4.4. All users overriding the allowed tags to include both select and style should either upgrade or     use this workaround: Remove either select or style from the overridden allowed tags. NOTE: Code is
    _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper     method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. (CVE-2022-23520)

  - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due     missing to nested depth limitation for collections. (CVE-2022-25857)

  - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to     inject content if able to control input into specific attributes. (CVE-2022-27777)

  - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using     time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data     source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are     defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on     demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers     correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later,     `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby     process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions     2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path     if their name follows the rules for a valid time zone identifier and the file has a prefix of     `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files     are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated     before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression     `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`. (CVE-2022-31163)

  - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record <     7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the     database (via means like SQL injection), the ability to escalate to an RCE. (CVE-2022-32224)

  - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically     evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used     to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the     interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances     included interpolators that could result in arbitrary code execution or contact with remote servers. These     lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns
    - resolve dns records - url - load values from urls, including from remote servers Applications using     the interpolation defaults in the affected versions may be vulnerable to remote code execution or     unintentional contact with remote servers if untrusted configuration values are used. Users are     recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators     by default. (CVE-2022-33980)

  - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the     parser is running on user supplied input, an attacker may supply content that causes the parser to crash     by stackoverflow. (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751)

  - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the     parser is running on user supplied input, an attacker may supply content that causes the parser to crash     by stack-overflow. (CVE-2022-38752)

  - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject     to a potential denial of service attack via the locale parameter, which is treated as a regular     expression. (CVE-2022-41323)

  - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either     `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create     a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable     by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory     is shared between all users on that system. Because of this, when files and directories are written into     this directory they are, by default, readable by other users on that same system. This vulnerability does     not allow other users to overwrite the contents of these directories or files. This is purely an     information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7,     this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this     vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to     patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a     directory that is exclusively owned by the executing user will mitigate this vulnerability.
    (CVE-2022-41946)

  - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a     check in primitive value deserializers to avoid deep wrapper array nesting, when the     UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1     (CVE-2022-42003)

  - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in     BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is     vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

  - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and     expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an     instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with     version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that     could result in arbitrary code execution or contact with remote servers. These lookups are: - script -     execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records -     url - load values from urls, including from remote servers Applications using the interpolation defaults     in the affected versions may be vulnerable to remote code execution or unintentional contact with remote     servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons     Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)

  - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language     headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service     vector via excessive memory usage if the raw value of Accept-Language headers is very large.
    (CVE-2023-23969)

  - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10,     and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could     result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-     service attack. (CVE-2023-24580)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
168228	Debian DSA-5290-1 : commons-configuration2 - security update	Nessus	Debian Local Security Checks	11/28/2022	9/20/2023	critical
183507	Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)	Nessus	Misc.	10/20/2023	10/23/2023	critical
179362	Jenkins plugins Multiple Vulnerabilities (2022-11-15)	Nessus	CGI abuses	8/4/2023	10/3/2024	critical
166337	Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)	Nessus	Misc.	10/20/2022	10/9/2023	critical
178710	Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)	Nessus	Misc.	7/21/2023	7/19/2024	critical
183508	Oracle Business Intelligence Enterprise Edition (OAS 7.0) (October 2023 CPU)	Nessus	Misc.	10/20/2023	10/23/2023	critical
194316	RHEL 8 : Satellite 6.13 Release (Important) (RHSA-2023:2097)	Nessus	Red Hat Local Security Checks	4/28/2024	11/7/2024	critical
166336	Oracle Business Intelligence Publisher 5.9.x < 5.9.0 (OAS) (Oct 2022 CPU)	Nessus	Misc.	10/20/2022	10/24/2023	critical
167634	Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)	Nessus	CGI abuses	11/16/2022	6/4/2024	critical
175139	Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)	Nessus	Rocky Linux Local Security Checks	5/5/2023	1/22/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical