<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><title>Huawei Local Security Checks Plugins<!-- --> | Tenable®</title><meta name="description" content="Listing all plugins in the Huawei Local Security Checks family"/><meta property="og:title" content="Huawei Local Security Checks Plugins"/><meta property="og:description" content="Listing all plugins in the Huawei Local Security Checks family"/><meta name="twitter:title" content="Huawei Local Security Checks Plugins"/><meta name="twitter:description" content="Listing all plugins in the Huawei Local Security Checks family"/><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="apple-touch-icon" sizes="180x180" href="https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png"/><link rel="manifest" href="https://www.tenable.com/themes/custom/tenable/img/favicons/manifest.json"/><link rel="mask-icon" href="https://www.tenable.com/themes/custom/tenable/img/favicons/safari-pinned-tab.svg" color="#0071dd"/><link rel="icon" href="https://www.tenable.com/favicon.ico" sizes="any"/><link rel="icon" href="https://www.tenable.com/themes/custom/tenable/img/favicons/favicon.svg" type="image/svg+xml"/><meta name="msapplication-config" content="https://www.tenable.com/themes/custom/tenable/img/favicons/browserconfig.xml"/><meta name="theme-color" content="#ffffff"/><link rel="canonical" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="x-default" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="en" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="de" href="https://de.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="es" href="https://es-la.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="fr" href="https://fr.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="ja" href="https://jp.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="ko" href="https://kr.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="zh-CN" href="https://www.tenablecloud.cn/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><link rel="alternate" hrefLang="zh-TW" href="https://zh-tw.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks"/><meta name="next-head-count" content="26"/><script type="text/javascript">window.NREUM||(NREUM={});NREUM.info = {"agent":"","beacon":"bam.nr-data.net","errorBeacon":"bam.nr-data.net","licenseKey":"5febff3e0e","applicationID":"96358297","agentToken":null,"applicationTime":106.116367,"transactionName":"MVBabEEHChVXU0IIXggab11RIBYHW1VBDkMNYEpRHCgBHkJaRU52I2EXF0MKEQFfXkVOahJMSF1uSQIHW1laCFQVGmNeUgsNCk9t","queueTime":0,"ttGuid":"e2edba6c8525f0b4"}; (window.NREUM||(NREUM={})).init={ajax:{deny_list:["bam.nr-data.net"]}};(window.NREUM||(NREUM={})).loader_config={licenseKey:"5febff3e0e",applicationID:"96358297"};;/*! For license information please see nr-loader-rum-1.274.0.min.js.LICENSE.txt */ (()=>{var e,t,r={8122:(e,t,r)=>{"use strict";r.d(t,{a:()=>i});var n=r(944);function i(e,t){try{if(!e||"object"!=typeof e)return(0,n.R)(3);if(!t||"object"!=typeof t)return(0,n.R)(4);const r=Object.create(Object.getPrototypeOf(t),Object.getOwnPropertyDescriptors(t)),o=0===Object.keys(r).length?e:r;for(let a in o)if(void 0!==e[a])try{if(null===e[a]){r[a]=null;continue}Array.isArray(e[a])&&Array.isArray(t[a])?r[a]=Array.from(new Set([...e[a],...t[a]])):"object"==typeof e[a]&&"object"==typeof t[a]?r[a]=i(e[a],t[a]):r[a]=e[a]}catch(e){(0,n.R)(1,e)}return r}catch(e){(0,n.R)(2,e)}}},2555:(e,t,r)=>{"use strict";r.d(t,{Vp:()=>c,fn:()=>s,x1:()=>u});var n=r(384),i=r(8122);const o={beacon:n.NT.beacon,errorBeacon:n.NT.errorBeacon,licenseKey:void 0,applicationID:void 0,sa:void 0,queueTime:void 0,applicationTime:void 0,ttGuid:void 0,user:void 0,account:void 0,product:void 0,extra:void 0,jsAttributes:{},userAttributes:void 0,atts:void 0,transactionName:void 0,tNamePlain:void 0},a={};function s(e){try{const t=c(e);return!!t.licenseKey&&!!t.errorBeacon&&!!t.applicationID}catch(e){return!1}}function c(e){if(!e)throw new Error("All info objects require an agent identifier!");if(!a[e])throw new Error("Info for ".concat(e," was never set"));return a[e]}function u(e,t){if(!e)throw new Error("All info objects require an agent identifier!");a[e]=(0,i.a)(t,o);const r=(0,n.nY)(e);r&&(r.info=a[e])}},9417:(e,t,r)=>{"use strict";r.d(t,{D0:()=>g,gD:()=>h,xN:()=>p});var n=r(993);const i=e=>{if(!e||"string"!=typeof e)return!1;try{document.createDocumentFragment().querySelector(e)}catch{return!1}return!0};var o=r(2614),a=r(944),s=r(384),c=r(8122);const u="[data-nr-mask]",d=()=>{const e={mask_selector:"*",block_selector:"[data-nr-block]",mask_input_options:{color:!1,date:!1,"datetime-local":!1,email:!1,month:!1,number:!1,range:!1,search:!1,tel:!1,text:!1,time:!1,url:!1,week:!1,textarea:!1,select:!1,password:!0}};return{ajax:{deny_list:void 0,block_internal:!0,enabled:!0,harvestTimeSeconds:10,autoStart:!0},distributed_tracing:{enabled:void 0,exclude_newrelic_header:void 0,cors_use_newrelic_header:void 0,cors_use_tracecontext_headers:void 0,allowed_origins:void 0},feature_flags:[],generic_events:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},harvest:{tooManyRequestsDelay:60},jserrors:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},logging:{enabled:!0,harvestTimeSeconds:10,autoStart:!0,level:n.p_.INFO},metrics:{enabled:!0,autoStart:!0},obfuscate:void 0,page_action:{enabled:!0},page_view_event:{enabled:!0,autoStart:!0},page_view_timing:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},performance:{capture_marks:!1,capture_measures:!1},privacy:{cookies_enabled:!0},proxy:{assets:void 0,beacon:void 0},session:{expiresMs:o.wk,inactiveMs:o.BB},session_replay:{autoStart:!0,enabled:!1,harvestTimeSeconds:60,preload:!1,sampling_rate:10,error_sampling_rate:100,collect_fonts:!1,inline_images:!1,fix_stylesheets:!0,mask_all_inputs:!0,get mask_text_selector(){return e.mask_selector},set mask_text_selector(t){i(t)?e.mask_selector="".concat(t,",").concat(u):""===t||null===t?e.mask_selector=u:(0,a.R)(5,t)},get block_class(){return"nr-block"},get ignore_class(){return"nr-ignore"},get mask_text_class(){return"nr-mask"},get block_selector(){return e.block_selector},set block_selector(t){i(t)?e.block_selector+=",".concat(t):""!==t&&(0,a.R)(6,t)},get mask_input_options(){return e.mask_input_options},set mask_input_options(t){t&&"object"==typeof t?e.mask_input_options={...t,password:!0}:(0,a.R)(7,t)}},session_trace:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},soft_navigations:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},spa:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},ssl:void 0,user_actions:{enabled:!0}}},l={},f="All configuration objects require an agent identifier!";function g(e){if(!e)throw new Error(f);if(!l[e])throw new Error("Configuration for ".concat(e," was never set"));return l[e]}function p(e,t){if(!e)throw new Error(f);l[e]=(0,c.a)(t,d());const r=(0,s.nY)(e);r&&(r.init=l[e])}function h(e,t){if(!e)throw new Error(f);var r=g(e);if(r){for(var n=t.split("."),i=0;i<n.length-1;i++)if("object"!=typeof(r=r[n[i]]))return;r=r[n[n.length-1]]}return r}},3371:(e,t,r)=>{"use strict";r.d(t,{V:()=>f,f:()=>l});var n=r(8122),i=r(384),o=r(6154),a=r(9324);let s=0;const c={buildEnv:a.F3,distMethod:a.Xs,version:a.xv,originTime:o.WN},u={customTransaction:void 0,disabled:!1,isolatedBacklog:!1,loaderType:void 0,maxBytes:3e4,onerror:void 0,ptid:void 0,releaseIds:{},appMetadata:{},session:void 0,denyList:void 0,timeKeeper:void 0,obfuscator:void 0},d={};function l(e){if(!e)throw new Error("All runtime objects require an agent identifier!");if(!d[e])throw new Error("Runtime for ".concat(e," was never set"));return d[e]}function f(e,t){if(!e)throw new Error("All runtime objects require an agent identifier!");d[e]={...(0,n.a)(t,u),...c},Object.hasOwnProperty.call(d[e],"harvestCount")||Object.defineProperty(d[e],"harvestCount",{get:()=>++s});const r=(0,i.nY)(e);r&&(r.runtime=d[e])}},9324:(e,t,r)=>{"use strict";r.d(t,{F3:()=>i,Xs:()=>o,xv:()=>n});const n="1.274.0",i="PROD",o="CDN"},6154:(e,t,r)=>{"use strict";r.d(t,{OF:()=>c,RI:()=>i,WN:()=>d,bv:()=>o,gm:()=>a,mw:()=>s,sb:()=>u});var n=r(1863);const i="undefined"!=typeof window&&!!window.document,o="undefined"!=typeof WorkerGlobalScope&&("undefined"!=typeof self&&self instanceof WorkerGlobalScope&&self.navigator instanceof WorkerNavigator||"undefined"!=typeof globalThis&&globalThis instanceof WorkerGlobalScope&&globalThis.navigator instanceof WorkerNavigator),a=i?window:"undefined"!=typeof WorkerGlobalScope&&("undefined"!=typeof self&&self instanceof WorkerGlobalScope&&self||"undefined"!=typeof globalThis&&globalThis instanceof WorkerGlobalScope&&globalThis),s=Boolean("hidden"===a?.document?.visibilityState),c=/iPad|iPhone|iPod/.test(a.navigator?.userAgent),u=c&&"undefined"==typeof SharedWorker,d=((()=>{const e=a.navigator?.userAgent?.match(/Firefox[/\s](\d+\.\d+)/);Array.isArray(e)&&e.length>=2&&e[1]})(),Date.now()-(0,n.t)())},1687:(e,t,r)=>{"use strict";r.d(t,{Ak:()=>c,Ze:()=>l,x3:()=>u});var n=r(7836),i=r(3606),o=r(860),a=r(2646);const s={};function c(e,t){const r={staged:!1,priority:o.P3[t]||0};d(e),s[e].get(t)||s[e].set(t,r)}function u(e,t){e&&s[e]&&(s[e].get(t)&&s[e].delete(t),g(e,t,!1),s[e].size&&f(e))}function d(e){if(!e)throw new Error("agentIdentifier required");s[e]||(s[e]=new Map)}function l(e="",t="feature",r=!1){if(d(e),!e||!s[e].get(t)||r)return g(e,t);s[e].get(t).staged=!0,f(e)}function f(e){const t=Array.from(s[e]);t.every((([e,t])=>t.staged))&&(t.sort(((e,t)=>e[1].priority-t[1].priority)),t.forEach((([t])=>{s[e].delete(t),g(e,t)})))}function g(e,t,r=!0){const o=e?n.ee.get(e):n.ee,s=i.i.handlers;if(!o.aborted&&o.backlog&&s){if(r){const e=o.backlog[t],r=s[t];if(r){for(let t=0;e&&t<e.length;++t)p(e[t],r);Object.entries(r).forEach((([e,t])=>{Object.values(t||{}).forEach((t=>{t[0]?.on&&t[0]?.context()instanceof a.y&&t[0].on(e,t[1])}))}))}}o.isolatedBacklog||delete s[t],o.backlog[t]=null,o.emit("drain-"+t,[])}}function p(e,t){var r=e[1];Object.values(t[r]||{}).forEach((t=>{var r=e[0];if(t[0]===r){var n=t[1],i=e[3],o=e[2];n.apply(i,o)}}))}},7836:(e,t,r)=>{"use strict";r.d(t,{P:()=>c,ee:()=>u});var n=r(384),i=r(8990),o=r(3371),a=r(2646),s=r(5607);const c="nr@context:".concat(s.W),u=function e(t,r){var n={},s={},d={},l=!1;try{l=16===r.length&&(0,o.f)(r).isolatedBacklog}catch(e){}var f={on:p,addEventListener:p,removeEventListener:function(e,t){var r=n[e];if(!r)return;for(var i=0;i<r.length;i++)r[i]===t&&r.splice(i,1)},emit:function(e,r,n,i,o){!1!==o&&(o=!0);if(u.aborted&&!i)return;t&&o&&t.emit(e,r,n);for(var a=g(n),c=h(e),d=c.length,l=0;l<d;l++)c[l].apply(a,r);var p=m()[s[e]];p&&p.push([f,e,r,a]);return a},get:v,listeners:h,context:g,buffer:function(e,t){const r=m();if(t=t||"feature",f.aborted)return;Object.entries(e||{}).forEach((([e,n])=>{s[n]=t,t in r||(r[t]=[])}))},abort:function(){f._aborted=!0,Object.keys(f.backlog).forEach((e=>{delete f.backlog[e]}))},isBuffering:function(e){return!!m()[s[e]]},debugId:r,backlog:l?{}:t&&"object"==typeof t.backlog?t.backlog:{},isolatedBacklog:l};return Object.defineProperty(f,"aborted",{get:()=>{let e=f._aborted||!1;return e||(t&&(e=t.aborted),e)}}),f;function g(e){return e&&e instanceof a.y?e:e?(0,i.I)(e,c,(()=>new a.y(c))):new a.y(c)}function p(e,t){n[e]=h(e).concat(t)}function h(e){return n[e]||[]}function v(t){return d[t]=d[t]||e(f,t)}function m(){return f.backlog}}(void 0,"globalEE"),d=(0,n.Zm)();d.ee||(d.ee=u)},2646:(e,t,r)=>{"use strict";r.d(t,{y:()=>n});class n{constructor(e){this.contextId=e}}},9908:(e,t,r)=>{"use strict";r.d(t,{d:()=>n,p:()=>i});var n=r(7836).ee.get("handle");function i(e,t,r,i,o){o?(o.buffer([e],i),o.emit(e,t,r)):(n.buffer([e],i),n.emit(e,t,r))}},3606:(e,t,r)=>{"use strict";r.d(t,{i:()=>o});var n=r(9908);o.on=a;var i=o.handlers={};function o(e,t,r,o){a(o||n.d,i,e,t,r)}function a(e,t,r,i,o){o||(o="feature"),e||(e=n.d);var a=t[o]=t[o]||{};(a[r]=a[r]||[]).push([e,i])}},3878:(e,t,r)=>{"use strict";function n(e,t){return{capture:e,passive:!1,signal:t}}function i(e,t,r=!1,i){window.addEventListener(e,t,n(r,i))}function o(e,t,r=!1,i){document.addEventListener(e,t,n(r,i))}r.d(t,{DD:()=>o,jT:()=>n,sp:()=>i})},5607:(e,t,r)=>{"use strict";r.d(t,{W:()=>n});const n=(0,r(9566).bz)()},9566:(e,t,r)=>{"use strict";r.d(t,{LA:()=>s,bz:()=>a});var n=r(6154);const i="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx";function o(e,t){return e?15&e[t]:16*Math.random()|0}function a(){const e=n.gm?.crypto||n.gm?.msCrypto;let t,r=0;return e&&e.getRandomValues&&(t=e.getRandomValues(new Uint8Array(30))),i.split("").map((e=>"x"===e?o(t,r++).toString(16):"y"===e?(3&o()|8).toString(16):e)).join("")}function s(e){const t=n.gm?.crypto||n.gm?.msCrypto;let r,i=0;t&&t.getRandomValues&&(r=t.getRandomValues(new Uint8Array(e)));const a=[];for(var s=0;s<e;s++)a.push(o(r,i++).toString(16));return a.join("")}},2614:(e,t,r)=>{"use strict";r.d(t,{BB:()=>a,H3:()=>n,g:()=>u,iL:()=>c,tS:()=>s,uh:()=>i,wk:()=>o});const n="NRBA",i="SESSION",o=144e5,a=18e5,s={STARTED:"session-started",PAUSE:"session-pause",RESET:"session-reset",RESUME:"session-resume",UPDATE:"session-update"},c={SAME_TAB:"same-tab",CROSS_TAB:"cross-tab"},u={OFF:0,FULL:1,ERROR:2}},1863:(e,t,r)=>{"use strict";function n(){return Math.floor(performance.now())}r.d(t,{t:()=>n})},944:(e,t,r)=>{"use strict";function n(e,t){"function"==typeof console.debug&&console.debug("New Relic Warning: https://github.com/newrelic/newrelic-browser-agent/blob/main/docs/warning-codes.md#".concat(e),t)}r.d(t,{R:()=>n})},5284:(e,t,r)=>{"use strict";r.d(t,{t:()=>c,B:()=>s});var n=r(7836),i=r(6154);const o="newrelic";const a=new Set,s={};function c(e,t){const r=n.ee.get(t);s[t]??={},e&&"object"==typeof e&&(a.has(t)||(r.emit("rumresp",[e]),s[t]=e,a.add(t),function(e={}){try{i.gm.dispatchEvent(new CustomEvent(o,{detail:e}))}catch(e){}}({loaded:!0})))}},8990:(e,t,r)=>{"use strict";r.d(t,{I:()=>i});var n=Object.prototype.hasOwnProperty;function i(e,t,r){if(n.call(e,t))return e[t];var i=r();if(Object.defineProperty&&Object.keys)try{return Object.defineProperty(e,t,{value:i,writable:!0,enumerable:!1}),i}catch(e){}return e[t]=i,i}},6389:(e,t,r)=>{"use strict";function n(e,t=500,r={}){const n=r?.leading||!1;let i;return(...r)=>{n&&void 0===i&&(e.apply(this,r),i=setTimeout((()=>{i=clearTimeout(i)}),t)),n||(clearTimeout(i),i=setTimeout((()=>{e.apply(this,r)}),t))}}function i(e){let t=!1;return(...r)=>{t||(t=!0,e.apply(this,r))}}r.d(t,{J:()=>i,s:()=>n})},5289:(e,t,r)=>{"use strict";r.d(t,{GG:()=>o,sB:()=>a});var n=r(3878);function i(){return"undefined"==typeof document||"complete"===document.readyState}function o(e,t){if(i())return e();(0,n.sp)("load",e,t)}function a(e){if(i())return e();(0,n.DD)("DOMContentLoaded",e)}},384:(e,t,r)=>{"use strict";r.d(t,{NT:()=>o,US:()=>d,Zm:()=>a,bQ:()=>c,dV:()=>s,nY:()=>u,pV:()=>l});var n=r(6154),i=r(1863);const o={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net"};function a(){return n.gm.NREUM||(n.gm.NREUM={}),void 0===n.gm.newrelic&&(n.gm.newrelic=n.gm.NREUM),n.gm.NREUM}function s(){let e=a();return e.o||(e.o={ST:n.gm.setTimeout,SI:n.gm.setImmediate,CT:n.gm.clearTimeout,XHR:n.gm.XMLHttpRequest,REQ:n.gm.Request,EV:n.gm.Event,PR:n.gm.Promise,MO:n.gm.MutationObserver,FETCH:n.gm.fetch,WS:n.gm.WebSocket}),e}function c(e,t){let r=a();r.initializedAgents??={},t.initializedAt={ms:(0,i.t)(),date:new Date},r.initializedAgents[e]=t}function u(e){let t=a();return t.initializedAgents?.[e]}function d(e,t){a()[e]=t}function l(){return function(){let e=a();const t=e.info||{};e.info={beacon:o.beacon,errorBeacon:o.errorBeacon,...t}}(),function(){let e=a();const t=e.init||{};e.init={...t}}(),s(),function(){let e=a();const t=e.loader_config||{};e.loader_config={...t}}(),a()}},2843:(e,t,r)=>{"use strict";r.d(t,{u:()=>i});var n=r(3878);function i(e,t=!1,r,i){(0,n.DD)("visibilitychange",(function(){if(t)return void("hidden"===document.visibilityState&&e());e(document.visibilityState)}),r,i)}},3434:(e,t,r)=>{"use strict";r.d(t,{YM:()=>c});var n=r(7836),i=r(5607);const o="nr@original:".concat(i.W);var a=Object.prototype.hasOwnProperty,s=!1;function c(e,t){return e||(e=n.ee),r.inPlace=function(e,t,n,i,o){n||(n="");const a="-"===n.charAt(0);for(let s=0;s<t.length;s++){const c=t[s],u=e[c];d(u)||(e[c]=r(u,a?c+n:n,i,c,o))}},r.flag=o,r;function r(t,r,n,s,c){return d(t)?t:(r||(r=""),nrWrapper[o]=t,function(e,t,r){if(Object.defineProperty&&Object.keys)try{return Object.keys(e).forEach((function(r){Object.defineProperty(t,r,{get:function(){return e[r]},set:function(t){return e[r]=t,t}})})),t}catch(e){u([e],r)}for(var n in e)a.call(e,n)&&(t[n]=e[n])}(t,nrWrapper,e),nrWrapper);function nrWrapper(){var o,a,d,l;try{a=this,o=[...arguments],d="function"==typeof n?n(o,a):n||{}}catch(t){u([t,"",[o,a,s],d],e)}i(r+"start",[o,a,s],d,c);try{return l=t.apply(a,o)}catch(e){throw i(r+"err",[o,a,e],d,c),e}finally{i(r+"end",[o,a,l],d,c)}}}function i(r,n,i,o){if(!s||t){var a=s;s=!0;try{e.emit(r,n,i,t,o)}catch(t){u([t,r,n,i],e)}s=a}}}function u(e,t){t||(t=n.ee);try{t.emit("internal-error",e)}catch(e){}}function d(e){return!(e&&"function"==typeof e&&e.apply&&!e[o])}},993:(e,t,r)=>{"use strict";r.d(t,{ET:()=>o,p_:()=>i});var n=r(860);const i={ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE:"TRACE"},o="log";n.K7.logging},3969:(e,t,r)=>{"use strict";r.d(t,{TZ:()=>n,XG:()=>s,rs:()=>i,xV:()=>a,z_:()=>o});const n=r(860).K7.metrics,i="sm",o="cm",a="storeSupportabilityMetrics",s="storeEventMetrics"},6630:(e,t,r)=>{"use strict";r.d(t,{T:()=>n});const n=r(860).K7.pageViewEvent},782:(e,t,r)=>{"use strict";r.d(t,{T:()=>n});const n=r(860).K7.pageViewTiming},6344:(e,t,r)=>{"use strict";r.d(t,{G4:()=>i});var n=r(2614);r(860).K7.sessionReplay;const i={RECORD:"recordReplay",PAUSE:"pauseReplay",REPLAY_RUNNING:"replayRunning",ERROR_DURING_REPLAY:"errorDuringReplay"};n.g.ERROR,n.g.FULL,n.g.OFF},4234:(e,t,r)=>{"use strict";r.d(t,{W:()=>o});var n=r(7836),i=r(1687);class o{constructor(e,t){this.agentIdentifier=e,this.ee=n.ee.get(e),this.featureName=t,this.blocked=!1}deregisterDrain(){(0,i.x3)(this.agentIdentifier,this.featureName)}}},7603:(e,t,r)=>{"use strict";r.d(t,{j:()=>P});var n=r(860),i=r(2555),o=r(3371),a=r(9908),s=r(7836),c=r(1687),u=r(5289),d=r(6154),l=r(944),f=r(3969),g=r(384),p=r(6344);const h=["setErrorHandler","finished","addToTrace","addRelease","addPageAction","setCurrentRouteName","setPageViewName","setCustomAttribute","interaction","noticeError","setUserId","setApplicationVersion","start",p.G4.RECORD,p.G4.PAUSE,"log","wrapLogger"],v=["setErrorHandler","finished","addToTrace","addRelease"];var m=r(1863),b=r(2614),y=r(993);var w=r(2646),A=r(3434);function R(e,t,r,n){if("object"!=typeof t||!t||"string"!=typeof r||!r||"function"!=typeof t[r])return(0,l.R)(29);const i=function(e){return(e||s.ee).get("logger")}(e),o=(0,A.YM)(i),a=new w.y(s.P);return a.level=n.level,a.customAttributes=n.customAttributes,o.inPlace(t,[r],"wrap-logger-",a),i}function E(){const e=(0,g.pV)();h.forEach((t=>{e[t]=(...r)=>function(t,...r){let n=[];return Object.values(e.initializedAgents).forEach((e=>{e&&e.api?e.exposed&&e.api[t]&&n.push(e.api[t](...r)):(0,l.R)(38,t)})),n.length>1?n:n[0]}(t,...r)}))}const x={};function _(e,t,g=!1){t||(0,c.Ak)(e,"api");const h={};var w=s.ee.get(e),A=w.get("tracer");x[e]=b.g.OFF,w.on(p.G4.REPLAY_RUNNING,(t=>{x[e]=t}));var E="api-",_=E+"ixn-";function N(t,r,n,o){const a=(0,i.Vp)(e);return null===r?delete a.jsAttributes[t]:(0,i.x1)(e,{...a,jsAttributes:{...a.jsAttributes,[t]:r}}),j(E,n,!0,o||null===r?"session":void 0)(t,r)}function T(){}h.log=function(e,{customAttributes:t={},level:r=y.p_.INFO}={}){(0,a.p)(f.xV,["API/log/called"],void 0,n.K7.metrics,w),function(e,t,r={},i=y.p_.INFO){(0,a.p)(f.xV,["API/logging/".concat(i.toLowerCase(),"/called")],void 0,n.K7.metrics,e),(0,a.p)(y.ET,[(0,m.t)(),t,r,i],void 0,n.K7.logging,e)}(w,e,t,r)},h.wrapLogger=(e,t,{customAttributes:r={},level:i=y.p_.INFO}={})=>{(0,a.p)(f.xV,["API/wrapLogger/called"],void 0,n.K7.metrics,w),R(w,e,t,{customAttributes:r,level:i})},v.forEach((e=>{h[e]=j(E,e,!0,"api")})),h.addPageAction=j(E,"addPageAction",!0,n.K7.genericEvents),h.setPageViewName=function(t,r){if("string"==typeof t)return"/"!==t.charAt(0)&&(t="/"+t),(0,o.f)(e).customTransaction=(r||"http://custom.transaction")+t,j(E,"setPageViewName",!0)()},h.setCustomAttribute=function(e,t,r=!1){if("string"==typeof e){if(["string","number","boolean"].includes(typeof t)||null===t)return N(e,t,"setCustomAttribute",r);(0,l.R)(40,typeof t)}else(0,l.R)(39,typeof e)},h.setUserId=function(e){if("string"==typeof e||null===e)return N("enduser.id",e,"setUserId",!0);(0,l.R)(41,typeof e)},h.setApplicationVersion=function(e){if("string"==typeof e||null===e)return N("application.version",e,"setApplicationVersion",!1);(0,l.R)(42,typeof e)},h.start=()=>{try{(0,a.p)(f.xV,["API/start/called"],void 0,n.K7.metrics,w),w.emit("manual-start-all")}catch(e){(0,l.R)(23,e)}},h[p.G4.RECORD]=function(){(0,a.p)(f.xV,["API/recordReplay/called"],void 0,n.K7.metrics,w),(0,a.p)(p.G4.RECORD,[],void 0,n.K7.sessionReplay,w)},h[p.G4.PAUSE]=function(){(0,a.p)(f.xV,["API/pauseReplay/called"],void 0,n.K7.metrics,w),(0,a.p)(p.G4.PAUSE,[],void 0,n.K7.sessionReplay,w)},h.interaction=function(e){return(new T).get("object"==typeof e?e:{})};const S=T.prototype={createTracer:function(e,t){var r={},i=this,o="function"==typeof t;return(0,a.p)(f.xV,["API/createTracer/called"],void 0,n.K7.metrics,w),g||(0,a.p)(_+"tracer",[(0,m.t)(),e,r],i,n.K7.spa,w),function(){if(A.emit((o?"":"no-")+"fn-start",[(0,m.t)(),i,o],r),o)try{return t.apply(this,arguments)}catch(e){const t="string"==typeof e?new Error(e):e;throw A.emit("fn-err",[arguments,this,t],r),t}finally{A.emit("fn-end",[(0,m.t)()],r)}}}};function j(e,t,r,i){return function(){return(0,a.p)(f.xV,["API/"+t+"/called"],void 0,n.K7.metrics,w),i&&(0,a.p)(e+t,[(0,m.t)(),...arguments],r?null:this,i,w),r?void 0:this}}function k(){r.e(296).then(r.bind(r,8778)).then((({setAPI:t})=>{t(e),(0,c.Ze)(e,"api")})).catch((e=>{(0,l.R)(27,e),w.abort()}))}return["actionText","setName","setAttribute","save","ignore","onEnd","getContext","end","get"].forEach((e=>{S[e]=j(_,e,void 0,g?n.K7.softNav:n.K7.spa)})),h.setCurrentRouteName=g?j(_,"routeName",void 0,n.K7.softNav):j(E,"routeName",!0,n.K7.spa),h.noticeError=function(t,r){"string"==typeof t&&(t=new Error(t)),(0,a.p)(f.xV,["API/noticeError/called"],void 0,n.K7.metrics,w),(0,a.p)("err",[t,(0,m.t)(),!1,r,!!x[e]],void 0,n.K7.jserrors,w)},d.RI?(0,u.GG)((()=>k()),!0):k(),h}var N=r(9417),T=r(8122);const S={accountID:void 0,trustKey:void 0,agentID:void 0,licenseKey:void 0,applicationID:void 0,xpid:void 0},j={};var k=r(5284);const I=e=>{const t=e.startsWith("http");e+="/",r.p=t?e:"https://"+e};let O=!1;function P(e,t={},r,n){let{init:a,info:c,loader_config:u,runtime:l={},exposed:f=!0}=t;l.loaderType=r;const p=(0,g.pV)();c||(a=p.init,c=p.info,u=p.loader_config),(0,N.xN)(e.agentIdentifier,a||{}),function(e,t){if(!e)throw new Error("All loader-config objects require an agent identifier!");j[e]=(0,T.a)(t,S);const r=(0,g.nY)(e);r&&(r.loader_config=j[e])}(e.agentIdentifier,u||{}),c.jsAttributes??={},d.bv&&(c.jsAttributes.isWorker=!0),(0,i.x1)(e.agentIdentifier,c);const h=(0,N.D0)(e.agentIdentifier),v=[c.beacon,c.errorBeacon];O||(h.proxy.assets&&(I(h.proxy.assets),v.push(h.proxy.assets)),h.proxy.beacon&&v.push(h.proxy.beacon),E(),(0,g.US)("activatedFeatures",k.B),e.runSoftNavOverSpa&&=!0===h.soft_navigations.enabled&&h.feature_flags.includes("soft_nav")),l.denyList=[...h.ajax.deny_list||[],...h.ajax.block_internal?v:[]],l.ptid=e.agentIdentifier,(0,o.V)(e.agentIdentifier,l),e.ee=s.ee.get(e.agentIdentifier),void 0===e.api&&(e.api=_(e.agentIdentifier,n,e.runSoftNavOverSpa)),void 0===e.exposed&&(e.exposed=f),O=!0}},8374:(e,t,r)=>{r.nc=(()=>{try{return document?.currentScript?.nonce}catch(e){}return""})()},860:(e,t,r)=>{"use strict";r.d(t,{$J:()=>o,K7:()=>n,P3:()=>i});const n={ajax:"ajax",genericEvents:"generic_events",jserrors:"jserrors",logging:"logging",metrics:"metrics",pageAction:"page_action",pageViewEvent:"page_view_event",pageViewTiming:"page_view_timing",sessionReplay:"session_replay",sessionTrace:"session_trace",softNav:"soft_navigations",spa:"spa"},i={[n.pageViewEvent]:1,[n.pageViewTiming]:2,[n.metrics]:3,[n.jserrors]:4,[n.spa]:5,[n.ajax]:6,[n.sessionTrace]:7,[n.softNav]:8,[n.sessionReplay]:9,[n.logging]:10,[n.genericEvents]:11},o={[n.pageViewTiming]:"events",[n.ajax]:"events",[n.spa]:"events",[n.softNav]:"events",[n.metrics]:"jserrors",[n.jserrors]:"jserrors",[n.sessionTrace]:"browser/blobs",[n.sessionReplay]:"browser/blobs",[n.logging]:"browser/logs",[n.genericEvents]:"ins"}}},n={};function i(e){var t=n[e];if(void 0!==t)return t.exports;var o=n[e]={exports:{}};return r[e](o,o.exports,i),o.exports}i.m=r,i.d=(e,t)=>{for(var r in t)i.o(t,r)&&!i.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},i.f={},i.e=e=>Promise.all(Object.keys(i.f).reduce(((t,r)=>(i.f[r](e,t),t)),[])),i.u=e=>"nr-rum-1.274.0.min.js",i.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),e={},t="NRBA-1.274.0.PROD:",i.l=(r,n,o,a)=>{if(e[r])e[r].push(n);else{var s,c;if(void 0!==o)for(var u=document.getElementsByTagName("script"),d=0;d<u.length;d++){var l=u[d];if(l.getAttribute("src")==r||l.getAttribute("data-webpack")==t+o){s=l;break}}if(!s){c=!0;var f={296:"sha512-gkYkZDAwQ9PwaDXs2YM+rNIdRej1Ac1mupWobRJ8eahQcXz6/sunGZCKklrzi5kWxhOGRZr2tn0rEKuLTXzfAA=="};(s=document.createElement("script")).charset="utf-8",s.timeout=120,i.nc&&s.setAttribute("nonce",i.nc),s.setAttribute("data-webpack",t+o),s.src=r,0!==s.src.indexOf(window.location.origin+"/")&&(s.crossOrigin="anonymous"),f[a]&&(s.integrity=f[a])}e[r]=[n];var g=(t,n)=>{s.onerror=s.onload=null,clearTimeout(p);var i=e[r];if(delete e[r],s.parentNode&&s.parentNode.removeChild(s),i&&i.forEach((e=>e(n))),t)return t(n)},p=setTimeout(g.bind(null,void 0,{type:"timeout",target:s}),12e4);s.onerror=g.bind(null,s.onerror),s.onload=g.bind(null,s.onload),c&&document.head.appendChild(s)}},i.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.p="https://js-agent.newrelic.com/",(()=>{var e={840:0,374:0};i.f.j=(t,r)=>{var n=i.o(e,t)?e[t]:void 0;if(0!==n)if(n)r.push(n[2]);else{var o=new Promise(((r,i)=>n=e[t]=[r,i]));r.push(n[2]=o);var a=i.p+i.u(t),s=new Error;i.l(a,(r=>{if(i.o(e,t)&&(0!==(n=e[t])&&(e[t]=void 0),n)){var o=r&&("load"===r.type?"missing":r.type),a=r&&r.target&&r.target.src;s.message="Loading chunk "+t+" failed.\n("+o+": "+a+")",s.name="ChunkLoadError",s.type=o,s.request=a,n[1](s)}}),"chunk-"+t,t)}};var t=(t,r)=>{var n,o,[a,s,c]=r,u=0;if(a.some((t=>0!==e[t]))){for(n in s)i.o(s,n)&&(i.m[n]=s[n]);if(c)c(i)}for(t&&t(r);u<a.length;u++)o=a[u],i.o(e,o)&&e[o]&&e[o][0](),e[o]=0},r=self["webpackChunk:NRBA-1.274.0.PROD"]=self["webpackChunk:NRBA-1.274.0.PROD"]||[];r.forEach(t.bind(null,0)),r.push=t.bind(null,r.push.bind(r))})(),(()=>{"use strict";i(8374);var e=i(944),t=i(6344),r=i(9566);class n{agentIdentifier;constructor(e=(0,r.LA)(16)){this.agentIdentifier=e}#e(t,...r){if("function"==typeof this.api?.[t])return this.api[t](...r);(0,e.R)(35,t)}addPageAction(e,t){return this.#e("addPageAction",e,t)}setPageViewName(e,t){return this.#e("setPageViewName",e,t)}setCustomAttribute(e,t,r){return this.#e("setCustomAttribute",e,t,r)}noticeError(e,t){return this.#e("noticeError",e,t)}setUserId(e){return this.#e("setUserId",e)}setApplicationVersion(e){return this.#e("setApplicationVersion",e)}setErrorHandler(e){return this.#e("setErrorHandler",e)}addRelease(e,t){return this.#e("addRelease",e,t)}log(e,t){return this.#e("log",e,t)}}class o extends n{#e(t,...r){if("function"==typeof this.api?.[t])return this.api[t](...r);(0,e.R)(35,t)}start(){return this.#e("start")}finished(e){return this.#e("finished",e)}recordReplay(){return this.#e(t.G4.RECORD)}pauseReplay(){return this.#e(t.G4.PAUSE)}addToTrace(e){return this.#e("addToTrace",e)}setCurrentRouteName(e){return this.#e("setCurrentRouteName",e)}interaction(){return this.#e("interaction")}wrapLogger(e,t,r){return this.#e("wrapLogger",e,t,r)}}var a=i(860),s=i(9417);const c=Object.values(a.K7);function u(e){const t={};return c.forEach((r=>{t[r]=function(e,t){return!0===(0,s.gD)(t,"".concat(e,".enabled"))}(r,e)})),t}var d=i(7603);var l=i(1687),f=i(4234),g=i(5289),p=i(6154),h=i(384);const v=e=>p.RI&&!0===(0,s.gD)(e,"privacy.cookies_enabled");function m(e){return!!(0,h.dV)().o.MO&&v(e)&&!0===(0,s.gD)(e,"session_trace.enabled")}var b=i(6389);class y extends f.W{constructor(e,t,r=!0){super(e.agentIdentifier,t),this.auto=r,this.abortHandler=void 0,this.featAggregate=void 0,this.onAggregateImported=void 0,!1===e.init[this.featureName].autoStart&&(this.auto=!1),this.auto?(0,l.Ak)(e.agentIdentifier,t):this.ee.on("manual-start-all",(0,b.J)((()=>{(0,l.Ak)(e.agentIdentifier,this.featureName),this.auto=!0,this.importAggregator(e)})))}importAggregator(t,r={}){if(this.featAggregate||!this.auto)return;let n;this.onAggregateImported=new Promise((e=>{n=e}));const o=async()=>{let o;try{if(v(this.agentIdentifier)){const{setupAgentSession:e}=await i.e(296).then(i.bind(i,3861));o=e(t)}}catch(t){(0,e.R)(20,t),this.ee.emit("internal-error",[t]),this.featureName===a.K7.sessionReplay&&this.abortHandler?.()}try{if(t.sharedAggregator)await t.sharedAggregator;else{t.sharedAggregator=i.e(296).then(i.bind(i,9337));const{EventAggregator:e}=await t.sharedAggregator;t.sharedAggregator=new e}if(!this.#t(this.featureName,o))return(0,l.Ze)(this.agentIdentifier,this.featureName),void n(!1);const{lazyFeatureLoader:e}=await i.e(296).then(i.bind(i,6103)),{Aggregate:a}=await e(this.featureName,"aggregate");this.featAggregate=new a(t,r),n(!0)}catch(t){(0,e.R)(34,t),this.abortHandler?.(),(0,l.Ze)(this.agentIdentifier,this.featureName,!0),n(!1),this.ee&&this.ee.abort()}};p.RI?(0,g.GG)((()=>o()),!0):o()}#t(e,t){switch(e){case a.K7.sessionReplay:return m(this.agentIdentifier)&&!!t;case a.K7.sessionTrace:return!!t;default:return!0}}}var w=i(6630);class A extends y{static featureName=w.T;constructor(e,t=!0){super(e,w.T,t),this.importAggregator(e)}}var R=i(9908),E=i(2843),x=i(3878),_=i(782),N=i(1863);class T extends y{static featureName=_.T;constructor(e,t=!0){super(e,_.T,t),p.RI&&((0,E.u)((()=>(0,R.p)("docHidden",[(0,N.t)()],void 0,_.T,this.ee)),!0),(0,x.sp)("pagehide",(()=>(0,R.p)("winPagehide",[(0,N.t)()],void 0,_.T,this.ee))),this.importAggregator(e))}}var S=i(3969);class j extends y{static featureName=S.TZ;constructor(e,t=!0){super(e,S.TZ,t),this.importAggregator(e)}}new class extends o{constructor(t,r){super(r),p.gm?(this.features={},(0,h.bQ)(this.agentIdentifier,this),this.desiredFeatures=new Set(t.features||[]),this.desiredFeatures.add(A),this.runSoftNavOverSpa=[...this.desiredFeatures].some((e=>e.featureName===a.K7.softNav)),(0,d.j)(this,t,t.loaderType||"agent"),this.run()):(0,e.R)(21)}get config(){return{info:this.info,init:this.init,loader_config:this.loader_config,runtime:this.runtime}}run(){try{const t=u(this.agentIdentifier),r=[...this.desiredFeatures];r.sort(((e,t)=>a.P3[e.featureName]-a.P3[t.featureName])),r.forEach((r=>{if(!t[r.featureName]&&r.featureName!==a.K7.pageViewEvent)return;if(this.runSoftNavOverSpa&&r.featureName===a.K7.spa)return;if(!this.runSoftNavOverSpa&&r.featureName===a.K7.softNav)return;const n=function(e){switch(e){case a.K7.ajax:return[a.K7.jserrors];case a.K7.sessionTrace:return[a.K7.ajax,a.K7.pageViewEvent];case a.K7.sessionReplay:return[a.K7.sessionTrace];case a.K7.pageViewTiming:return[a.K7.pageViewEvent];default:return[]}}(r.featureName).filter((e=>!(e in this.features)));n.length>0&&(0,e.R)(36,{targetFeature:r.featureName,missingDependencies:n}),this.features[r.featureName]=new r(this)}))}catch(t){(0,e.R)(22,t);for(const e in this.features)this.features[e].abortHandler?.();const r=(0,h.Zm)();delete r.initializedAgents[this.agentIdentifier]?.api,delete r.initializedAgents[this.agentIdentifier]?.features,delete this.sharedAggregator;return r.ee.get(this.agentIdentifier).abort(),!1}}}({features:[A,T,j],loaderType:"lite"})})()})();</script><link data-next-font="size-adjust" rel="preconnect" href="/" crossorigin="anonymous"/><link nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" rel="preload" href="/_next/static/css/ffa80ed36c27c549.css" as="style"/><link nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" rel="stylesheet" href="/_next/static/css/ffa80ed36c27c549.css" data-n-g=""/><noscript data-n-css="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz"></noscript><script defer="" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" nomodule="" src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js"></script><script src="/_next/static/chunks/webpack-a707e99c69361791.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/framework-b0ec748c7a4c483a.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/main-dbb03be72fb978ea.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/pages/_app-db8f48fde056b518.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/9177-dfdc6421d8bd40ea.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/pages/plugins/%5Btype%5D/families/%5Bfamily%5D-f765c4b37fa0da30.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/l4vcnKDxIXiOkUtvMoFnX/_buildManifest.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/l4vcnKDxIXiOkUtvMoFnX/_ssgManifest.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script></head><body data-base-url="https://www.tenable.com" data-ga4-tracking-id=""><div id="__next"><div class="app__wrapper"><header class="banner"><div class="nav-wrapper"><ul class="list-inline nav-brand"><li class="list-inline-item"><a href="https://www.tenable.com"><img class="logo" src="https://www.tenable.com/themes/custom/tenable/img/logo.png" alt="Tenable"/></a></li><li class="list-inline-item"><a class="app-name" href="https://www.tenable.com/plugins">Plugins</a></li></ul><ul class="nav-dropdown nav"><li class="d-none d-md-block dropdown nav-item"><a aria-haspopup="true" href="#" class="dropdown-toggle nav-link" aria-expanded="false">Settings</a><div tabindex="-1" role="menu" aria-hidden="true" class="dropdown-menu dropdown-menu-right"><h6 tabindex="-1" class="dropdown-header">Links</h6><a href="https://cloud.tenable.com" role="menuitem" class="dropdown-item">Tenable Cloud<!-- --> <i class="fas fa-external-link-alt external-link"></i></a><a href="https://community.tenable.com/login" role="menuitem" class="dropdown-item">Tenable Community &amp; Support<!-- --> <i class="fas fa-external-link-alt external-link"></i></a><a href="https://university.tenable.com/lms/index.php?r=site/sso&amp;sso_type=saml" role="menuitem" class="dropdown-item">Tenable University<!-- --> <i class="fas fa-external-link-alt external-link"></i></a><div tabindex="-1" class="dropdown-divider"></div><span tabindex="-1" class="dropdown-item-text"><div class="d-flex justify-content-between toggle-btn-group flex-column"><div class="label mb-2">Severity<!-- --> <i class="fas fa-info-circle" id="preferredSeverity"></i></div><div role="group" class="btn-group-sm btn-group"><button type="button" class="toggle-btn btn btn-outline-primary">VPR</button><button type="button" class="toggle-btn btn btn-outline-primary">CVSS v2</button><button type="button" class="toggle-btn btn btn-outline-primary">CVSS v3</button><button type="button" class="toggle-btn btn btn-outline-primary active">CVSS v4</button></div></div></span><div tabindex="-1" class="dropdown-divider"></div><span tabindex="-1" class="dropdown-item-text"><div class="d-flex justify-content-between toggle-btn-group flex-row"><div class="label">Theme</div><div role="group" class="ml-3 btn-group-sm btn-group"><button type="button" class="toggle-btn btn btn-outline-primary active">Light</button><button type="button" class="toggle-btn btn btn-outline-primary">Dark</button><button type="button" class="toggle-btn btn btn-outline-primary">Auto</button></div></div></span><div tabindex="-1" class="dropdown-divider"></div><button type="button" tabindex="0" role="menuitem" class="dropdown-item-link dropdown-item">Help</button></div></li></ul><div class="d-block d-md-none"><button type="button" aria-label="Toggle Overlay" class="btn btn-link nav-toggle"><i class="fas fa-bars fa-2x"></i></button></div></div></header><div class="mobile-nav closed"><ul class="flex-column nav"><li class="mobile-header nav-item"><a href="https://www.tenable.com" class="float-left nav-link"><img class="logo" src="https://www.tenable.com/themes/custom/tenable/img/logo-teal.png" alt="Tenable"/></a><a class="float-right mr-2 nav-link"><i class="fas fa-times fa-lg"></i></a></li><li class="nav-item"><a class="nav-link">Plugins<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse"><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins">Overview</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/pipeline">Plugins Pipeline</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/newest">Newest</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/updated">Updated</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/search">Search</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/nessus/families?type=nessus">Nessus Families</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/was/families?type=was">WAS Families</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/nnm/families?type=nnm">NNM Families</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/lce/families?type=lce">LCE Families</a></li><li class="no-capitalize nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/ot/families?type=ot">Tenable OT Security Families</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/families/about">About Plugin Families</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/plugins/release-notes">Release Notes</a></li></div></div><li class="nav-item"><a class="nav-link">Audits<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse"><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits">Overview</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/newest">Newest</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/updated">Updated</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/search">Search Audit Files</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/items/search">Search Items</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/references">References</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/authorities">Authorities</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/audits/documentation">Documentation</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/downloads/download-all-compliance-audit-files">Download All Audit Files</a></li></div></div><li class="nav-item"><a class="nav-link">Indicators<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse"><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/indicators">Overview</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/indicators/search">Search</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/indicators/ioa">Indicators of Attack</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/indicators/ioe">Indicators of Exposure</a></li></div></div><li class="nav-item"><a class="nav-link">CVEs<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse"><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/cve">Overview</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/cve/newest">Newest</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/cve/updated">Updated</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/cve/search">Search</a></li></div></div><li class="nav-item"><a class="nav-link">Attack Path Techniques<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse"><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/attack-path-techniques">Overview</a></li><li class="nav-item"><a class="nav-link " href="https://www.tenable.com/attack-path-techniques/search">Search</a></li></div></div><ul id="links-nav" class="flex-column mt-5 nav"><li class="nav-item"><a class="nav-link">Links<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse"><li class="nav-item"><a href="https://cloud.tenable.com" class="nav-link">Tenable Cloud</a></li><li class="nav-item"><a href="https://community.tenable.com/login" class="nav-link">Tenable Community &amp; Support</a></li><li class="nav-item"><a href="https://university.tenable.com/lms/index.php?r=site/sso&amp;sso_type=saml" class="nav-link">Tenable University</a></li></div></div><li class="nav-item"><a class="nav-link">Settings<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="collapse"><div class="mobile-collapse py-3"><li class="nav-item"><div class="d-flex justify-content-between toggle-btn-group flex-column"><div class="label mb-2">Severity</div><div role="group" class="btn-group-sm btn-group"><button type="button" class="toggle-btn btn btn-outline-primary">VPR</button><button type="button" class="toggle-btn btn btn-outline-primary">CVSS v2</button><button type="button" class="toggle-btn btn btn-outline-primary">CVSS v3</button><button type="button" class="toggle-btn btn btn-outline-primary active">CVSS v4</button></div></div></li><li class="nav-item"><div class="d-flex justify-content-between toggle-btn-group flex-row"><div class="label">Theme</div><div role="group" class="ml-3 btn-group-sm btn-group"><button type="button" class="toggle-btn btn btn-outline-primary active">Light</button><button type="button" class="toggle-btn btn btn-outline-primary">Dark</button><button type="button" class="toggle-btn btn btn-outline-primary">Auto</button></div></div></li></div></div></ul></ul></div><div class="app__container"><div class="app__content"><div class="card callout callout-alert callout-bg-danger mb-4"><div class="card-body"><h5 class="mb-2 text-white">Your browser is no longer supported</h5><p class="text-white">Please update or use another browser for this application to function correctly.</p></div></div><div class="row"><div class="col-3 col-xl-2 d-none d-md-block"><h6 class="side-nav-heading">Detections</h6><ul class="side-nav bg-white sticky-top nav flex-column"><li class="nav-item"><a type="button" class="nav-link">Plugins<i class="float-right mt-1 fas fa-chevron-down"></i></a></li><div class="side-nav-collapse collapse show"><li class="false nav-item"><a href="/plugins" class="nav-link"><span>Overview</span></a></li><li class="false nav-item"><a href="/plugins/pipeline" class="nav-link"><span>Plugins Pipeline</span></a></li><li class="false nav-item"><a href="/plugins/release-notes" class="nav-link"><span>Release Notes</span></a></li><li class="false nav-item"><a href="/plugins/newest" class="nav-link"><span>Newest</span></a></li><li class="false nav-item"><a href="/plugins/updated" class="nav-link"><span>Updated</span></a></li><li class="false nav-item"><a href="/plugins/search" class="nav-link"><span>Search</span></a></li><li class="false nav-item"><a href="/plugins/nessus/families" class="nav-link"><span>Nessus Families</span></a></li><li class="false nav-item"><a href="/plugins/was/families" class="nav-link"><span>WAS Families</span></a></li><li class="false nav-item"><a href="/plugins/nnm/families" class="nav-link"><span>NNM Families</span></a></li><li class="false nav-item"><a href="/plugins/lce/families" class="nav-link"><span>LCE Families</span></a></li><li class="false nav-item"><a href="/plugins/ot/families" class="nav-link"><span>Tenable OT Security Families</span></a></li><li class="false nav-item"><a href="/plugins/families/about" class="nav-link"><span>About Plugin Families</span></a></li></div><li class="nav-item"><a type="button" class="nav-link">Audits<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="side-nav-collapse collapse"><li class="false nav-item"><a href="/audits" class="nav-link"><span>Overview</span></a></li><li class="false nav-item"><a href="/audits/newest" class="nav-link"><span>Newest</span></a></li><li class="false nav-item"><a href="/audits/updated" class="nav-link"><span>Updated</span></a></li><li class="false nav-item"><a href="/audits/search" class="nav-link"><span>Search Audit Files</span></a></li><li class="false nav-item"><a href="/audits/items/search" class="nav-link"><span>Search Items</span></a></li><li class="false nav-item"><a href="/audits/references" class="nav-link"><span>References</span></a></li><li class="false nav-item"><a href="/audits/authorities" class="nav-link"><span>Authorities</span></a></li><li class="false nav-item"><a href="/audits/documentation" class="nav-link"><span>Documentation</span></a></li><li class="nav-item"><a class="nav-link" href="https://www.tenable.com/downloads/download-all-compliance-audit-files">Download All Audit Files</a></li></div><li class="nav-item"><a type="button" class="nav-link">Indicators<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="side-nav-collapse collapse"><li class="false nav-item"><a href="/indicators" class="nav-link"><span>Overview</span></a></li><li class="false nav-item"><a href="/indicators/search" class="nav-link"><span>Search</span></a></li><li class="false nav-item"><a href="/indicators/ioa" class="nav-link"><span>Indicators of Attack</span></a></li><li class="false nav-item"><a href="/indicators/ioe" class="nav-link"><span>Indicators of Exposure</span></a></li></div></ul><h6 class="side-nav-heading">Analytics</h6><ul class="side-nav bg-white sticky-top nav flex-column"><li class="nav-item"><a type="button" class="nav-link">CVEs<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="side-nav-collapse collapse"><li class="false nav-item"><a href="/cve" class="nav-link"><span>Overview</span></a></li><li class="false nav-item"><a href="/cve/newest" class="nav-link"><span>Newest</span></a></li><li class="false nav-item"><a href="/cve/updated" class="nav-link"><span>Updated</span></a></li><li class="false nav-item"><a href="/cve/search" class="nav-link"><span>Search</span></a></li></div><li class="nav-item"><a type="button" class="nav-link">Attack Path Techniques<i class="float-right mt-1 fas fa-chevron-right"></i></a></li><div class="side-nav-collapse collapse"><li class="false nav-item"><a href="/attack-path-techniques" class="nav-link"><span>Overview</span></a></li><li class="false nav-item"><a href="/attack-path-techniques/search" class="nav-link"><span>Search</span></a></li></div></ul></div><div class="col-12 col-md-9 col-xl-10"><h1 class="mb-3 h2">Huawei Local Security Checks Family for Nessus</h1><nav class="d-none d-md-block" aria-label="breadcrumb"><ol class="breadcrumb"><li class="breadcrumb-item"><a href="https://www.tenable.com/plugins">Plugins</a></li><li class="breadcrumb-item"><a href="https://www.tenable.com/plugins/nessus/families?type=nessus">Nessus Plugin Families</a></li><li class="active breadcrumb-item" aria-current="page">Huawei Local Security Checks</li></ol></nav><nav class="d-md-none" aria-label="breadcrumb"><ol class="breadcrumb"><li class="breadcrumb-item"><a href="https://www.tenable.com/plugins/nessus/families?type=nessus"><i class="fas fa-chevron-left"></i> <!-- -->Nessus Plugin Families</a></li></ol></nav><div class="card"><div class="p-3 card-body"><nav class="" aria-label="pagination"><ul class="justify-content-between pagination pagination"><li class="page-item disabled"><a class="page-link page-previous" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks?page=0">‹‹ <!-- -->Previous<span class="sr-only"> <!-- -->Previous</span></a></li><li class="page-item disabled"><a class="page-link page-text">Page 1 of 245<!-- --> <span class="d-none d-sm-inline">• <!-- -->12247 Total</span></a></li><li class="page-item"><a class="page-link page-next" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks?page=2"><span class="sr-only">Next</span>Next<!-- --> ››</a></li></ul></nav><div class="table-responsive"><table class="results-table table"><thead><tr><th>ID</th><th>Name</th><th>Severity</th></tr></thead><tbody><tr><td><a href="https://www.tenable.com/plugins/nessus/211812">211812</a></td><td>EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2924)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211811">211811</a></td><td>EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2923)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211810">211810</a></td><td>EulerOS 2.0 SP12 : jbig2dec (EulerOS-SA-2024-2928)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211809">211809</a></td><td>EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2931)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211808">211808</a></td><td>EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2927)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211807">211807</a></td><td>EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2925)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211806">211806</a></td><td>EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2921)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211805">211805</a></td><td>EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2929)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211804">211804</a></td><td>EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2024-2920)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211803">211803</a></td><td>EulerOS 2.0 SP12 : jbig2dec (EulerOS-SA-2024-2922)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211802">211802</a></td><td>EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2930)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/211801">211801</a></td><td>EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2024-2926)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210703">210703</a></td><td>EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2024-2835)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210702">210702</a></td><td>EulerOS 2.0 SP9 : gdk-pixbuf2 (EulerOS-SA-2024-2828)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210701">210701</a></td><td>EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2807)</td><td><h6 class="m-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210700">210700</a></td><td>EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2829)</td><td><h6 class="m-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210699">210699</a></td><td>EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-2810)</td><td><h6 class="m-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210698">210698</a></td><td>EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-2887)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210697">210697</a></td><td>EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2024-2808)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210696">210696</a></td><td>EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2815)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210695">210695</a></td><td>EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2812)</td><td><h6 class="m-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210694">210694</a></td><td>EulerOS 2.0 SP9 : vim (EulerOS-SA-2024-2841)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210693">210693</a></td><td>EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-2882)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210692">210692</a></td><td>EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2821)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210691">210691</a></td><td>EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-2830)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210690">210690</a></td><td>EulerOS 2.0 SP9 : gtk3 (EulerOS-SA-2024-2814)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210689">210689</a></td><td>EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-2813)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210688">210688</a></td><td>EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2024-2883)</td><td><h6 class="m-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210687">210687</a></td><td>EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-2884)</td><td><h6 class="m-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210686">210686</a></td><td>EulerOS 2.0 SP9 : OpenIPMI (EulerOS-SA-2024-2817)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210685">210685</a></td><td>EulerOS 2.0 SP9 : gdk-pixbuf2 (EulerOS-SA-2024-2811)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210684">210684</a></td><td>EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2825)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210683">210683</a></td><td>EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-2906)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210682">210682</a></td><td>EulerOS 2.0 SP10 : vim (EulerOS-SA-2024-2898)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210681">210681</a></td><td>EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-2840)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210680">210680</a></td><td>EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2827)</td><td><h6 class="m-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210679">210679</a></td><td>EulerOS 2.0 SP10 : uboot-tools (EulerOS-SA-2024-2896)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210678">210678</a></td><td>EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2024-2816)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210677">210677</a></td><td>EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2895)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210676">210676</a></td><td>EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2809)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210675">210675</a></td><td>EulerOS 2.0 SP9 : vim (EulerOS-SA-2024-2823)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210674">210674</a></td><td>EulerOS 2.0 SP10 : gdk-pixbuf2 (EulerOS-SA-2024-2904)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210673">210673</a></td><td>EulerOS 2.0 SP9 : python-setuptools (EulerOS-SA-2024-2837)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210672">210672</a></td><td>EulerOS 2.0 SP10 : unbound (EulerOS-SA-2024-2897)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210671">210671</a></td><td>EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-2912)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210670">210670</a></td><td>EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-2886)</td><td><h6 class="m-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210669">210669</a></td><td>EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2024-2881)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210668">210668</a></td><td>EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2024-2889)</td><td><h6 class="m-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210667">210667</a></td><td>EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2024-2818)</td><td><h6 class="m-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td><a href="https://www.tenable.com/plugins/nessus/210666">210666</a></td><td>EulerOS 2.0 SP10 : xmlrpc-c (EulerOS-SA-2024-2919)</td><td><h6 class="m-1"><span class="badge badge-critical">critical</span></h6></td></tr></tbody></table></div><nav class="" aria-label="pagination"><ul class="justify-content-between pagination pagination"><li class="page-item disabled"><a class="page-link page-previous" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks?page=0">‹‹ <!-- -->Previous<span class="sr-only"> <!-- -->Previous</span></a></li><li class="page-item disabled"><a class="page-link page-text">Page 1 of 245<!-- --> <span class="d-none d-sm-inline">• <!-- -->12247 Total</span></a></li><li class="page-item"><a class="page-link page-next" href="https://www.tenable.com/plugins/nessus/families/Huawei%20Local%20Security%20Checks?page=2"><span class="sr-only">Next</span>Next<!-- --> ››</a></li></ul></nav></div></div></div></div></div></div><footer class="footer"><div class="container"><ul class="footer-nav"><li class="footer-nav-item"><a href="https://www.tenable.com/">Tenable.com</a></li><li class="footer-nav-item"><a href="https://community.tenable.com">Community &amp; Support</a></li><li class="footer-nav-item"><a href="https://docs.tenable.com">Documentation</a></li><li class="footer-nav-item"><a href="https://university.tenable.com">Education</a></li></ul><ul class="footer-nav footer-nav-secondary"><li class="footer-nav-item">© <!-- -->2024<!-- --> <!-- -->Tenable®, Inc. All Rights Reserved</li><li class="footer-nav-item"><a href="https://www.tenable.com/privacy-policy">Privacy Policy</a></li><li class="footer-nav-item"><a href="https://www.tenable.com/legal">Legal</a></li><li class="footer-nav-item"><a href="https://www.tenable.com/section-508-voluntary-product-accessibility">508 Compliance</a></li></ul></div></footer><div class="Toastify"></div></div></div><script id="__NEXT_DATA__" type="application/json" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz">{"props":{"pageProps":{"plugins":[{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211812","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-43168","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43168"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?8394934d"}],"description":"According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption.This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution.This could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)\n\nTenable has extracted the preceding description block directly from the EulerOS unbound security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"211812","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2924)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected unbound packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":4.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_temporal_score":4.2,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.2,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.3,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.2","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1732492800000,"211812"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211811","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48790","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48790"},{"id_type":"cve","id":"CVE-2022-48828","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48828"},{"id_type":"cve","id":"CVE-2022-48899","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48899"},{"id_type":"cve","id":"CVE-2022-48910","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48910"},{"id_type":"cve","id":"CVE-2022-48911","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48911"},{"id_type":"cve","id":"CVE-2022-48912","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48912"},{"id_type":"cve","id":"CVE-2022-48924","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48924"},{"id_type":"cve","id":"CVE-2022-48930","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48930"},{"id_type":"cve","id":"CVE-2022-48933","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48933"},{"id_type":"cve","id":"CVE-2022-48935","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48935"},{"id_type":"cve","id":"CVE-2022-48937","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48937"},{"id_type":"cve","id":"CVE-2023-52898","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52898"},{"id_type":"cve","id":"CVE-2023-52903","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52903"},{"id_type":"cve","id":"CVE-2024-39509","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39509"},{"id_type":"cve","id":"CVE-2024-40901","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901"},{"id_type":"cve","id":"CVE-2024-40966","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40966"},{"id_type":"cve","id":"CVE-2024-41035","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035"},{"id_type":"cve","id":"CVE-2024-41042","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042"},{"id_type":"cve","id":"CVE-2024-41087","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41087"},{"id_type":"cve","id":"CVE-2024-41089","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41089"},{"id_type":"cve","id":"CVE-2024-41098","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41098"},{"id_type":"cve","id":"CVE-2024-42145","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42145"},{"id_type":"cve","id":"CVE-2024-42232","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42232"},{"id_type":"cve","id":"CVE-2024-42244","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244"},{"id_type":"cve","id":"CVE-2024-42265","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265"},{"id_type":"cve","id":"CVE-2024-42283","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42283"},{"id_type":"cve","id":"CVE-2024-42284","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284"},{"id_type":"cve","id":"CVE-2024-42285","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42285"},{"id_type":"cve","id":"CVE-2024-42289","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42289"},{"id_type":"cve","id":"CVE-2024-42302","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42302"},{"id_type":"cve","id":"CVE-2024-42304","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304"},{"id_type":"cve","id":"CVE-2024-42305","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305"},{"id_type":"cve","id":"CVE-2024-42306","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306"},{"id_type":"cve","id":"CVE-2024-42321","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42321"},{"id_type":"cve","id":"CVE-2024-42322","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322"},{"id_type":"cve","id":"CVE-2024-43828","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43828"},{"id_type":"cve","id":"CVE-2024-43830","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830"},{"id_type":"cve","id":"CVE-2024-43840","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43840"},{"id_type":"cve","id":"CVE-2024-43846","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43846"},{"id_type":"cve","id":"CVE-2024-43853","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43853"},{"id_type":"cve","id":"CVE-2024-43861","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43861"},{"id_type":"cve","id":"CVE-2024-43866","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43866"},{"id_type":"cve","id":"CVE-2024-43882","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43882"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?28cf03a9"}],"description":"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n RDMA/ib_srp: Fix a deadlock(CVE-2022-48930)\n\n netfilter: fix use-after-free in __nf_register_net_hook()(CVE-2022-48912)\n\n protect the fetch of -fd[fd] in do_dup2() from mispredictions(CVE-2024-42265)\n\n io_uring: add a schedule point in io_add_buffers()(CVE-2022-48937)\n\n ext4: check dot and dotdot of dx_root before making dir indexed(CVE-2024-42305)\n\n netfilter: nf_queue: fix possible use-after-free(CVE-2022-48911)\n\n cgroup/cpuset: Prevent UAF in proc_cpuset_show()(CVE-2024-43853)\n\n net: ipv6: ensure we call ipv6_mc_down() at most once(CVE-2022-48910)\n\n netfilter: nf_tables: fix memory leak during stateful obj update(CVE-2022-48933)\n\n netfilter: nf_tables: unregister flowtable hooks on netns exit(CVE-2022-48935)\n\n thermal: int340x: fix memory leak in int3400_notify()(CVE-2022-48924)\n\n scsi: qla2xxx: During vport delete send async logout explicitly(CVE-2024-42289)\n\n udf: Avoid using corrupted block bitmap buffer(CVE-2024-42306)\n\n lib: objagg: Fix general protection fault(CVE-2024-43846)\n\n net/mlx5: Always drain health in shutdown callback(CVE-2024-43866)\n\n exec: Fix ToCToU between perm check and set-uid/gid usage(CVE-2024-43882)\n\n net: usb: qmi_wwan: fix memory leak for not ip packets(CVE-2024-43861)\n\n io_uring: lock overflowing for IOPOLL(CVE-2023-52903)\n\n drm/virtio: Fix GEM handle creation UAF(CVE-2022-48899)\n\n xhci: Fix null pointer dereference when host dies(CVE-2023-52898)\n\n nvme: fix a possible use-after-free in controller reset during load(CVE-2022-48790)\n\n drm/ nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes(CVE-2024-41089)\n\n ipvs: properly dereference pe in ip_vs_add_service(CVE-2024-42322)\n\n bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG(CVE-2024-43840)\n\n net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE(CVE-2024-42321)\n\n RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)\n\n tipc: Return non-zero value from tipc_udp_addr2str() on error(CVE-2024-42284)\n\n ext4: fix infinite loop when replaying fast_commit(CVE-2024-43828)\n\n ext4: make sure the first directory block is not a hole(CVE-2024-42304)\n\n PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal(CVE-2024-42302)\n\n net: nexthop: Initialize all fields in dumped nexthops(CVE-2024-42283)\n\n leds: trigger: Unregister sysfs attributes before calling deactivate()(CVE-2024-43830)\n\n IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)\n\n NFSD: Fix ia_size underflow(CVE-2022-48828)\n\n netfilter: nf_tables: prefer nft_chain_validate(CVE-2024-41042)\n\n HID: core: remove unnecessary WARN_ON() in implement()(CVE-2024-39509)\n\n USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)\n\n tty: add the option to have a tty reject a new ldisc(CVE-2024-40966)\n\n libceph: fix race between delayed_work() and ceph_monc_stop()(CVE-2024-42232)\n\n ata: libata-core: Fix null pointer dereference on error(CVE-2024-41098)\n\n USB: serial: mos7840: fix crash on resume(CVE-2024-42244)\n\n ata: libata-core: Fix double free on error(CVE-2024-41087)\n\n scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory(CVE-2024-40901)\n\nTenable has extracted the preceding description block directly from the EulerOS kernel security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"211811","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2923)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected kernel packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C","cvssv3_temporal_score":6.8,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1732492800000,"211811"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211810","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2023-46361","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46361"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?6e26c5dc"}],"description":"According to the versions of the jbig2dec packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.(CVE-2023-46361)\n\nTenable has extracted the preceding description block directly from the EulerOS jbig2dec security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"211810","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : jbig2dec (EulerOS-SA-2024-2928)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected jbig2dec packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":6.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":5.9,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":6.1,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1732492800000,"211810"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211809","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-43374","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?0451275d"}],"description":"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling.When adding a new file to the argument list, this triggers `Buf*` autocommands.If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying.Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free.Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim.The issue has been fixed as of Vim patch v9.1.0678.(CVE-2024-43374)\n\nTenable has extracted the preceding description block directly from the EulerOS vim security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"211809","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2931)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected vim packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":4.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P","cvssv3_temporal_score":3.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:H/Au:N/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":2.7,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":3.7,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1732492800000,"211809"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211808","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-24791","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?73ed260e"}],"description":"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect:\n 100-continue' header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending 'Expect: 100-continue' requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791)\n\nTenable has extracted the preceding description block directly from the EulerOS golang security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"211808","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2927)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected golang packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:S/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1732492800000,"211808"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211807","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-43374","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?6015aeed"}],"description":"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling.When adding a new file to the argument list, this triggers `Buf*` autocommands.If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying.Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free.Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim.The issue has been fixed as of Vim patch v9.1.0678.(CVE-2024-43374)\n\nTenable has extracted the preceding description block directly from the EulerOS vim security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"211807","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2925)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected vim packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":4.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P","cvssv3_temporal_score":3.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:H/Au:N/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":2.7,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":3.7,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1732492800000,"211807"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211806","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-24791","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?78e86fd7"}],"description":"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect:\n 100-continue' header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending 'Expect: 100-continue' requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791)\n\nTenable has extracted the preceding description block directly from the EulerOS golang security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"211806","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2921)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected golang packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:S/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1732492800000,"211806"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211805","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48790","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48790"},{"id_type":"cve","id":"CVE-2022-48828","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48828"},{"id_type":"cve","id":"CVE-2022-48899","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48899"},{"id_type":"cve","id":"CVE-2022-48910","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48910"},{"id_type":"cve","id":"CVE-2022-48911","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48911"},{"id_type":"cve","id":"CVE-2022-48912","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48912"},{"id_type":"cve","id":"CVE-2022-48924","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48924"},{"id_type":"cve","id":"CVE-2022-48930","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48930"},{"id_type":"cve","id":"CVE-2022-48933","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48933"},{"id_type":"cve","id":"CVE-2022-48935","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48935"},{"id_type":"cve","id":"CVE-2022-48937","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48937"},{"id_type":"cve","id":"CVE-2023-52898","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52898"},{"id_type":"cve","id":"CVE-2023-52903","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52903"},{"id_type":"cve","id":"CVE-2024-39509","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39509"},{"id_type":"cve","id":"CVE-2024-40901","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901"},{"id_type":"cve","id":"CVE-2024-40966","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40966"},{"id_type":"cve","id":"CVE-2024-41035","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035"},{"id_type":"cve","id":"CVE-2024-41042","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042"},{"id_type":"cve","id":"CVE-2024-41087","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41087"},{"id_type":"cve","id":"CVE-2024-41089","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41089"},{"id_type":"cve","id":"CVE-2024-41098","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41098"},{"id_type":"cve","id":"CVE-2024-42145","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42145"},{"id_type":"cve","id":"CVE-2024-42232","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42232"},{"id_type":"cve","id":"CVE-2024-42244","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244"},{"id_type":"cve","id":"CVE-2024-42265","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265"},{"id_type":"cve","id":"CVE-2024-42283","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42283"},{"id_type":"cve","id":"CVE-2024-42284","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284"},{"id_type":"cve","id":"CVE-2024-42285","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42285"},{"id_type":"cve","id":"CVE-2024-42289","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42289"},{"id_type":"cve","id":"CVE-2024-42302","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42302"},{"id_type":"cve","id":"CVE-2024-42304","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304"},{"id_type":"cve","id":"CVE-2024-42305","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305"},{"id_type":"cve","id":"CVE-2024-42306","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306"},{"id_type":"cve","id":"CVE-2024-42321","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42321"},{"id_type":"cve","id":"CVE-2024-42322","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322"},{"id_type":"cve","id":"CVE-2024-43828","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43828"},{"id_type":"cve","id":"CVE-2024-43830","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830"},{"id_type":"cve","id":"CVE-2024-43840","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43840"},{"id_type":"cve","id":"CVE-2024-43846","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43846"},{"id_type":"cve","id":"CVE-2024-43853","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43853"},{"id_type":"cve","id":"CVE-2024-43861","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43861"},{"id_type":"cve","id":"CVE-2024-43866","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43866"},{"id_type":"cve","id":"CVE-2024-43882","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43882"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?6590bcb0"}],"description":"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n RDMA/ib_srp: Fix a deadlock(CVE-2022-48930)\n\n netfilter: fix use-after-free in __nf_register_net_hook()(CVE-2022-48912)\n\n protect the fetch of -fd[fd] in do_dup2() from mispredictions(CVE-2024-42265)\n\n io_uring: add a schedule point in io_add_buffers()(CVE-2022-48937)\n\n ext4: check dot and dotdot of dx_root before making dir indexed(CVE-2024-42305)\n\n netfilter: nf_queue: fix possible use-after-free(CVE-2022-48911)\n\n cgroup/cpuset: Prevent UAF in proc_cpuset_show()(CVE-2024-43853)\n\n net: ipv6: ensure we call ipv6_mc_down() at most once(CVE-2022-48910)\n\n netfilter: nf_tables: fix memory leak during stateful obj update(CVE-2022-48933)\n\n netfilter: nf_tables: unregister flowtable hooks on netns exit(CVE-2022-48935)\n\n thermal: int340x: fix memory leak in int3400_notify()(CVE-2022-48924)\n\n scsi: qla2xxx: During vport delete send async logout explicitly(CVE-2024-42289)\n\n udf: Avoid using corrupted block bitmap buffer(CVE-2024-42306)\n\n lib: objagg: Fix general protection fault(CVE-2024-43846)\n\n net/mlx5: Always drain health in shutdown callback(CVE-2024-43866)\n\n exec: Fix ToCToU between perm check and set-uid/gid usage(CVE-2024-43882)\n\n net: usb: qmi_wwan: fix memory leak for not ip packets(CVE-2024-43861)\n\n io_uring: lock overflowing for IOPOLL(CVE-2023-52903)\n\n drm/virtio: Fix GEM handle creation UAF(CVE-2022-48899)\n\n xhci: Fix null pointer dereference when host dies(CVE-2023-52898)\n\n nvme: fix a possible use-after-free in controller reset during load(CVE-2022-48790)\n\n drm/ nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes(CVE-2024-41089)\n\n ipvs: properly dereference pe in ip_vs_add_service(CVE-2024-42322)\n\n bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG(CVE-2024-43840)\n\n net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE(CVE-2024-42321)\n\n RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)\n\n tipc: Return non-zero value from tipc_udp_addr2str() on error(CVE-2024-42284)\n\n ext4: fix infinite loop when replaying fast_commit(CVE-2024-43828)\n\n ext4: make sure the first directory block is not a hole(CVE-2024-42304)\n\n PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal(CVE-2024-42302)\n\n net: nexthop: Initialize all fields in dumped nexthops(CVE-2024-42283)\n\n leds: trigger: Unregister sysfs attributes before calling deactivate()(CVE-2024-43830)\n\n IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)\n\n NFSD: Fix ia_size underflow(CVE-2022-48828)\n\n netfilter: nf_tables: prefer nft_chain_validate(CVE-2024-41042)\n\n HID: core: remove unnecessary WARN_ON() in implement()(CVE-2024-39509)\n\n USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)\n\n tty: add the option to have a tty reject a new ldisc(CVE-2024-40966)\n\n libceph: fix race between delayed_work() and ceph_monc_stop()(CVE-2024-42232)\n\n ata: libata-core: Fix null pointer dereference on error(CVE-2024-41098)\n\n USB: serial: mos7840: fix crash on resume(CVE-2024-42244)\n\n ata: libata-core: Fix double free on error(CVE-2024-41087)\n\n scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory(CVE-2024-40901)\n\nTenable has extracted the preceding description block directly from the EulerOS kernel security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"211805","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2929)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected kernel packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C","cvssv3_temporal_score":6.8,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1732492800000,"211805"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211804","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48622","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?13bc8cf4"}],"description":"According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file.A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack.This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622)\n\nTenable has extracted the preceding description block directly from the EulerOS gdk-pixbuf2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"211804","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2024-2920)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected gdk-pixbuf2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":7,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.2,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1732492800000,"211804"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211803","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2023-46361","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46361"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?190f6a68"}],"description":"According to the versions of the jbig2dec packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.(CVE-2023-46361)\n\nTenable has extracted the preceding description block directly from the EulerOS jbig2dec security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"211803","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : jbig2dec (EulerOS-SA-2024-2922)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected jbig2dec packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":6.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":5.9,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":6.1,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1732492800000,"211803"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211802","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-43168","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43168"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?2a53ecf5"}],"description":"According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption.This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution.This could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)\n\nTenable has extracted the preceding description block directly from the EulerOS unbound security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"211802","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : unbound (EulerOS-SA-2024-2930)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected unbound packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":4.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_temporal_score":4.2,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.2,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.3,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.2","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1732492800000,"211802"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"211801","_score":null,"_source":{"plugin_modification_date":"2024-11-25T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48622","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?2d86c0de"}],"description":"According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file.A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack.This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622)\n\nTenable has extracted the preceding description block directly from the EulerOS gdk-pixbuf2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"211801","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP12 : gdk-pixbuf2 (EulerOS-SA-2024-2926)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected gdk-pixbuf2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-25T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":7,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.2,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/25/2024","pluginModificationDate":"11/25/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1732492800000,"211801"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210703","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2023-39328","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39328"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?12d53a39"}],"description":"According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.(CVE-2023-39328)\n\nTenable has extracted the preceding description block directly from the EulerOS openjpeg2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210703","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2024-2835)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected openjpeg2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":4.8,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":3.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.9,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210703"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210702","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48622","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?1813478d"}],"description":"According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622)\n\nTenable has extracted the preceding description block directly from the EulerOS gdk-pixbuf2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210702","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : gdk-pixbuf2 (EulerOS-SA-2024-2828)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected gdk-pixbuf2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":7,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.2,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1731024000000,"210702"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210701","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"IAVA","id":"2024-A-0543","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2023-52426","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426"},{"id_type":"cve","id":"CVE-2024-45490","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490"},{"id_type":"cve","id":"CVE-2024-45491","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491"},{"id_type":"cve","id":"CVE-2024-45492","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?451d75a3"}],"description":"According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426)\n\n An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490)\n\n An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491)\n\n An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45492)\n\nTenable has extracted the preceding description block directly from the EulerOS expat security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Critical","script_id":"210701","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2807)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected expat packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":9.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":8.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":7.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":10,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Critical","cvssv3_risk_factor":"Critical","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{"IAVA":["2024-A-0543"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Critical","cvssV3Severity":"Critical","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Critical"},"sort":[1731024000000,"210701"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210700","_score":null,"_source":{"plugin_modification_date":"2024-11-15T00:00:00","references":[{"id_type":"IAVB","id":"2024-B-0074-S","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-29508","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29508"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?75380613"}],"description":"According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.(CVE-2024-29508)\n\nTenable has extracted the preceding description block directly from the EulerOS ghostscript security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"210700","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2829)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected ghostscript packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":3.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N","cvssv3_temporal_score":2.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:N/A:N","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvssv4_vector":null,"cvssv2_temporal_score":1.3,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":1.7,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Low","cvssv4_risk_factor":null},"vpr_score":"1.4","script_family":"Huawei Local Security Checks","xrefs":{"IAVB":["2024-B-0074-S"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/15/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1731024000000,"210700"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210699","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-45310","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45310"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?eab04cdf"}],"description":"According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3. Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to.\n Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.(CVE-2024-45310)\n\nTenable has extracted the preceding description block directly from the EulerOS docker-runc security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"210699","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-2810)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected docker-runc packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":3.6,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N","cvssv3_temporal_score":3.2,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:N/I:P/A:N","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","cvssv4_vector":null,"cvssv2_temporal_score":1.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":2.1,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Low","cvssv4_risk_factor":null},"vpr_score":"2.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1731024000000,"210699"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210698","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-24791","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791"},{"id_type":"cve","id":"CVE-2024-34156","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?2bd58517"}],"description":"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.This is a follow-up to CVE-2022-30635.(CVE-2024-34156)\n\n The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect:\n 100-continue' header with a non-informational (200 or higher) status.This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending 'Expect: 100-continue' requests which elicit a non-informational response from the backend.Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791)\n\nTenable has extracted the preceding description block directly from the EulerOS golang security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210698","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-2887)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected golang packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210698"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210697","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-25629","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?d98ba483"}],"description":"According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/ nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0.\n No known workarounds exist.(CVE-2024-25629)\n\nTenable has extracted the preceding description block directly from the EulerOS c-ares security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210697","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2024-2808)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected c-ares packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":4.4,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:H/Au:S/C:N/I:P/A:C","cvssv3_temporal_score":3.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:H/Au:S/C:N/I:P/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":3.3,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.5,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210697"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210696","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2021-47024","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47024"},{"id_type":"cve","id":"CVE-2021-47296","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47296"},{"id_type":"cve","id":"CVE-2021-47391","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47391"},{"id_type":"cve","id":"CVE-2021-47400","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47400"},{"id_type":"cve","id":"CVE-2021-47423","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47423"},{"id_type":"cve","id":"CVE-2021-47434","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47434"},{"id_type":"cve","id":"CVE-2021-47496","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47496"},{"id_type":"cve","id":"CVE-2022-48732","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48732"},{"id_type":"cve","id":"CVE-2022-48788","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48788"},{"id_type":"cve","id":"CVE-2022-48828","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48828"},{"id_type":"cve","id":"CVE-2022-48850","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48850"},{"id_type":"cve","id":"CVE-2022-48879","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48879"},{"id_type":"cve","id":"CVE-2022-48899","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48899"},{"id_type":"cve","id":"CVE-2022-48911","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48911"},{"id_type":"cve","id":"CVE-2022-48912","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48912"},{"id_type":"cve","id":"CVE-2022-48930","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48930"},{"id_type":"cve","id":"CVE-2022-48943","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48943"},{"id_type":"cve","id":"CVE-2023-52880","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52880"},{"id_type":"cve","id":"CVE-2023-52885","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52885"},{"id_type":"cve","id":"CVE-2023-52898","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52898"},{"id_type":"cve","id":"CVE-2024-25739","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739"},{"id_type":"cve","id":"CVE-2024-26763","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26763"},{"id_type":"cve","id":"CVE-2024-26852","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852"},{"id_type":"cve","id":"CVE-2024-26921","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921"},{"id_type":"cve","id":"CVE-2024-35950","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35950"},{"id_type":"cve","id":"CVE-2024-36286","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286"},{"id_type":"cve","id":"CVE-2024-39494","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39494"},{"id_type":"cve","id":"CVE-2024-39509","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39509"},{"id_type":"cve","id":"CVE-2024-40959","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959"},{"id_type":"cve","id":"CVE-2024-40978","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978"},{"id_type":"cve","id":"CVE-2024-41012","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012"},{"id_type":"cve","id":"CVE-2024-41014","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014"},{"id_type":"cve","id":"CVE-2024-41020","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41020"},{"id_type":"cve","id":"CVE-2024-41035","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035"},{"id_type":"cve","id":"CVE-2024-41044","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044"},{"id_type":"cve","id":"CVE-2024-41087","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41087"},{"id_type":"cve","id":"CVE-2024-41095","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41095"},{"id_type":"cve","id":"CVE-2024-42070","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42070"},{"id_type":"cve","id":"CVE-2024-42084","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084"},{"id_type":"cve","id":"CVE-2024-42090","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090"},{"id_type":"cve","id":"CVE-2024-42102","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102"},{"id_type":"cve","id":"CVE-2024-42106","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42106"},{"id_type":"cve","id":"CVE-2024-42131","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131"},{"id_type":"cve","id":"CVE-2024-42145","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42145"},{"id_type":"cve","id":"CVE-2024-42148","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42148"},{"id_type":"cve","id":"CVE-2024-42154","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154"},{"id_type":"cve","id":"CVE-2024-42232","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42232"},{"id_type":"cve","id":"CVE-2024-42244","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244"},{"id_type":"cve","id":"CVE-2024-42265","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265"},{"id_type":"cve","id":"CVE-2024-42285","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42285"},{"id_type":"cve","id":"CVE-2024-42286","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42286"},{"id_type":"cve","id":"CVE-2024-42289","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42289"},{"id_type":"cve","id":"CVE-2024-42292","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42292"},{"id_type":"cve","id":"CVE-2024-42304","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304"},{"id_type":"cve","id":"CVE-2024-42305","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305"},{"id_type":"cve","id":"CVE-2024-42312","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42312"},{"id_type":"cve","id":"CVE-2024-43830","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830"},{"id_type":"cve","id":"CVE-2024-43853","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43853"},{"id_type":"cve","id":"CVE-2024-43856","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43856"},{"id_type":"cve","id":"CVE-2024-43861","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43861"},{"id_type":"cve","id":"CVE-2024-43871","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871"},{"id_type":"cve","id":"CVE-2024-43882","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43882"},{"id_type":"cve","id":"CVE-2024-43890","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43890"},{"id_type":"cve","id":"CVE-2024-43892","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43892"},{"id_type":"cve","id":"CVE-2024-43893","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43893"},{"id_type":"cve","id":"CVE-2024-43914","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43914"},{"id_type":"cve","id":"CVE-2024-44944","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44944"},{"id_type":"cve","id":"CVE-2024-44987","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44987"},{"id_type":"cve","id":"CVE-2024-45006","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45006"},{"id_type":"cve","id":"CVE-2024-46800","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46800"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?c52d7e73"}],"description":"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n vsock/virtio: free queued packets when closing socket(CVE-2021-47024)\n\n KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak(CVE-2021-47296)\n\n kernel:RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests(CVE-2021-47391)\n\n net: hns3: do not allow call hns3_nic_net_open repeatedly(CVE-2021-47400)\n\n drm/ nouveau/debugfs: fix file release memory leak(CVE-2021-47423)\n\n xhci: Fix command ring pointer corruption while aborting a command(CVE-2021-47434)\n\n net/tls: Fix flipped sign in tls_err_abort() calls(CVE-2021-47496)\n\n drm/ nouveau: fix off by one in BIOS boundary checking(CVE-2022-48732)\n\n nvme-rdma: fix possible use-after-free in transport error_recovery work(CVE-2022-48788)\n\n NFSD: Fix ia_size underflow(CVE-2022-48828)\n\n net-sysfs: add check for netdevice being present to speed_show(CVE-2022-48850)\n\n efi: fix NULL-deref in init error path(CVE-2022-48879)\n\n drm/virtio: Fix GEM handle creation UAF(CVE-2022-48899)\n\n netfilter: nf_queue: fix possible use-after-free(CVE-2022-48911)\n\n netfilter: fix use-after-free in __nf_register_net_hook()(CVE-2022-48912)\n\n RDMA/ib_srp: Fix a deadlock(CVE-2022-48930)\n\n KVM: x86/mmu: make apf token non-zero to fix bug(CVE-2022-48943)\n\n tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc(CVE-2023-52880)\n\n SUNRPC: Fix UAF in svc_tcp_listen_data_ready()(CVE-2023-52885)\n\n xhci: Fix null pointer dereference when host dies(CVE-2023-52898)\n\n create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-leb_size.(CVE-2024-25739)\n\n dm-crypt: don't modify the data when using authenticated encryption(CVE-2024-26763)\n\n net/ipv6: avoid possible UAF in ip6_route_mpath_notify()(CVE-2024-26852)\n\n inet: inet_defrag: prevent sk release while still in use(CVE-2024-26921)\n\n drm/client: Fully protect modes[] with dev-mode_config.mutex(CVE-2024-35950)\n\n netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()(CVE-2024-36286)\n\n kernel:ima: Fix use-after-free on a dentry's dname.name(CVE-2024-39494)\n\n HID: core: remove unnecessary WARN_ON() in implement()(CVE-2024-39509)\n\n xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()(CVE-2024-40959)\n\n scsi: qedi: Fix crash while reading debugfs attribute(CVE-2024-40978)\n\n filelock: Remove locks reliably when fcntl/close race is detected(CVE-2024-41012)\n\n xfs: add bounds checking to xlog_recover_process_data(CVE-2024-41014)\n\n filelock: Fix fcntl/close race recovery compat path(CVE-2024-41020)\n\n USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)\n\n ppp: reject claimed-as-LCP but actually malformed packets(CVE-2024-41044)\n\n ata: libata-core: Fix double free on error(CVE-2024-41087)\n\n drm/ nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes(CVE-2024-41095)\n\n netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers(CVE-2024-42070)\n\n ftruncate: pass a signed offset(CVE-2024-42084)\n\n pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER(CVE-2024-42090)\n\n Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again'(CVE-2024-42102)\n\n inet_diag: Initialize pad field in struct inet_diag_req_v2(CVE-2024-42106)\n\n mm: avoid overflows in dirty throttling logic(CVE-2024-42131)\n\n IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)\n\n bnx2x: Fix multiple UBSAN array-index-out-of-bounds(CVE-2024-42148)\n\n tcp_metrics: validate source addr length(CVE-2024-42154)\n\n libceph: fix race between delayed_work() and ceph_monc_stop()(CVE-2024-42232)\n\n USB: serial: mos7840: fix crash on resume(CVE-2024-42244)\n\n protect the fetch of -fd[fd] in do_dup2() from mispredictions(CVE-2024-42265)\n\n RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)\n\n scsi: qla2xxx: validate nvme_local_port correctly(CVE-2024-42286)\n\n scsi: qla2xxx: During vport delete send async logout explicitly(CVE-2024-42289)\n\n kobject_uevent: Fix OOB access within zap_modalias_env()(CVE-2024-42292)\n\n ext4: make sure the first directory block is not a hole(CVE-2024-42304)\n\n ext4: check dot and dotdot of dx_root before making dir indexed(CVE-2024-42305)\n\n sysctl: always initialize i_uid/i_gid(CVE-2024-42312)\n\n leds: trigger: Unregister sysfs attributes before calling deactivate()(CVE-2024-43830)\n\n cgroup/cpuset: Prevent UAF in proc_cpuset_show()(CVE-2024-43853)\n\n dma: fix call order in dmam_free_coherent(CVE-2024-43856)\n\n net: usb: qmi_wwan: fix memory leak for not ip packets(CVE-2024-43861)\n\n devres: Fix memory leakage caused by driver API devm_free_percpu()(CVE-2024-43871)\n\n exec: Fix ToCToU between perm check and set-uid/gid usage(CVE-2024-43882)\n\n tracing: Fix overflow in get_free_elt()(CVE-2024-43890)\n\n memcg: protect concurrent access to mem_cgroup_idr(CVE-2024-43892)\n\n serial: core: check uartclk for zero to avoid divide by zero(CVE-2024-43893)\n\n md/raid5: avoid BUG_ON() while continue reshape after reassembling(CVE-2024-43914)\n\n netfilter: ctnetlink: use helper function to calculate expect ID(CVE-2024-44944)\n\n ipv6: prevent UAF in ip6_send_skb()(CVE-2024-44987)\n\n xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration(CVE-2024-45006)\n\n sch/ netem: fix use after free in netem_dequeue(CVE-2024-46800)\n\nTenable has extracted the preceding description block directly from the EulerOS kernel security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210696","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2815)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected kernel packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C","cvssv3_temporal_score":7,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.3,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.8,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"7.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"High","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"High","severity":"Medium"},"sort":[1731024000000,"210696"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210695","_score":null,"_source":{"plugin_modification_date":"2024-11-15T00:00:00","references":[{"id_type":"IAVB","id":"2024-B-0074-S","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-29508","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29508"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?dbac2941"}],"description":"According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.(CVE-2024-29508)\n\nTenable has extracted the preceding description block directly from the EulerOS ghostscript security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"210695","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2812)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected ghostscript packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":3.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N","cvssv3_temporal_score":2.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:N/A:N","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvssv4_vector":null,"cvssv2_temporal_score":1.3,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":1.7,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Low","cvssv4_risk_factor":null},"vpr_score":"1.4","script_family":"Huawei Local Security Checks","xrefs":{"IAVB":["2024-B-0074-S"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/15/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1731024000000,"210695"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210694","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-41957","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41957"},{"id_type":"cve","id":"CVE-2024-41965","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41965"},{"id_type":"cve","id":"CVE-2024-43374","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374"},{"id_type":"cve","id":"CVE-2024-43802","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43802"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?19fdc5a2"}],"description":"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception.\n Impact is low since the user must intentionally execute vim with several non-default flags,but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647(CVE-2024-41957)\n\n Vim is an open source command line text editor. double-free in dialog_changed() in Vim v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet.\n However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.(CVE-2024-41965)\n\n The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.(CVE-2024-43374)\n\n Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g.\n ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2024-43802)\n\nTenable has extracted the preceding description block directly from the EulerOS vim security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210694","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : vim (EulerOS-SA-2024-2841)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected vim packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P","cvssv3_temporal_score":4.6,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.6,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210694"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210693","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"IAVA","id":"2024-A-0457-S","type":"advisory","url":null},{"id_type":"IAVA","id":"2024-A-0571-S","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-7264","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"},{"id_type":"cve","id":"CVE-2024-8096","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?e82f7d89"}],"description":"According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.(CVE-2024-8096)\n\n libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field.If given an syntactically incorrect field, the parser might end up using -1 for the length of the\n *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.(CVE-2024-7264)\n\nTenable has extracted the preceding description block directly from the EulerOS curl security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210693","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-2882)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected curl packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":6.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":5.9,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":6.1,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.4","script_family":"Huawei Local Security Checks","xrefs":{"IAVA":["2024-A-0457-S","2024-A-0571-S"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1731024000000,"210693"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210692","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-35176","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35176"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?7e991660"}],"description":"According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many ``s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability.\n As a workaround, don't parse untrusted XMLs.(CVE-2024-35176)\n\nTenable has extracted the preceding description block directly from the EulerOS ruby security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210692","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2821)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected ruby packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P","cvssv3_temporal_score":4.6,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:P","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.7,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":5,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"1.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210692"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210691","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-24791","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791"},{"id_type":"cve","id":"CVE-2024-34156","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?8e02e4dd"}],"description":"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect:\n 100-continue' header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending 'Expect: 100-continue' requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791)\n\n Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.(CVE-2024-34156)\n\nTenable has extracted the preceding description block directly from the EulerOS golang security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210691","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-2830)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected golang packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210691"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210690","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-6655","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6655"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?1ebff3ce"}],"description":"According to the versions of the gtk3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655)\n\nTenable has extracted the preceding description block directly from the EulerOS gtk3 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210690","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : gtk3 (EulerOS-SA-2024-2814)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected gtk3 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":6.1,"rating":null,"cvssv2_vector_base":"AV:L/AC:H/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":4.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.2,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"7.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"High","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"High","severity":"Medium"},"sort":[1731024000000,"210690"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210689","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-24791","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791"},{"id_type":"cve","id":"CVE-2024-34156","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?65e306b6"}],"description":"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect:\n 100-continue' header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending 'Expect: 100-continue' requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791)\n\n Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.(CVE-2024-34156)\n\nTenable has extracted the preceding description block directly from the EulerOS golang security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210689","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-2813)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected golang packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210689"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210688","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-45310","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45310"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?546fbe52"}],"description":"According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n runc is a CLI tool for spawning and running containers according to the OCI specification.runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`.While this could be used to create empty files, existing files would not be truncated.An attacker must have the ability to start containers using some kind of custom volume configuration.Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced.Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed.This is exploitable using runc directly as well as through Docker and Kubernetes.The issue is fixed in runc v1.1.14 and v1.2.0-rc3. Some workarounds are available.Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to.Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world- writable directories.A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.(CVE-2024-45310)\n\nTenable has extracted the preceding description block directly from the EulerOS docker-runc security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"210688","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2024-2883)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected docker-runc packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":3.6,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N","cvssv3_temporal_score":3.2,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:N/I:P/A:N","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","cvssv4_vector":null,"cvssv2_temporal_score":1.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":2.1,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Low","cvssv4_risk_factor":null},"vpr_score":"2.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1731024000000,"210688"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210687","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"IAVA","id":"2024-A-0543","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-45490","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490"},{"id_type":"cve","id":"CVE-2024-45491","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491"},{"id_type":"cve","id":"CVE-2024-45492","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?2c1788af"}],"description":"According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n An issue was discovered in libexpat before 2.6.3.nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45492)\n\n An issue was discovered in libexpat before 2.6.3.dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491)\n\n An issue was discovered in libexpat before 2.6.3.xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490)\n\nTenable has extracted the preceding description block directly from the EulerOS expat security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Critical","script_id":"210687","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-2884)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected expat packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":9.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":8.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":7.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":10,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Critical","cvssv3_risk_factor":"Critical","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{"IAVA":["2024-A-0543"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Critical","cvssV3Severity":"Critical","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Critical"},"sort":[1731024000000,"210687"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210686","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-42934","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42934"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?e2c5fc28"}],"description":"According to the versions of the OpenIPMI packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.(CVE-2024-42934)\n\nTenable has extracted the preceding description block directly from the EulerOS OpenIPMI security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210686","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : OpenIPMI (EulerOS-SA-2024-2817)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected OpenIPMI packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:P","cvssv3_temporal_score":4.4,"rating":null,"cvssv2_vector_base":"AV:A/AC:H/Au:N/C:P/I:P/A:P","cvssv3_vector_base":"AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.2,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.3,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.2","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1731024000000,"210686"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210685","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48622","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?cdbc097c"}],"description":"According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622)\n\nTenable has extracted the preceding description block directly from the EulerOS gdk-pixbuf2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210685","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : gdk-pixbuf2 (EulerOS-SA-2024-2811)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected gdk-pixbuf2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":7,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.2,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1731024000000,"210685"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210684","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"IAVA","id":"2024-A-0457-S","type":"advisory","url":null},{"id_type":"IAVA","id":"2024-A-0571-S","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-7264","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"},{"id_type":"cve","id":"CVE-2024-8096","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?b648209e"}],"description":"According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the\n *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.(CVE-2024-7264)\n\n When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.(CVE-2024-8096)\n\nTenable has extracted the preceding description block directly from the EulerOS curl security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210684","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2825)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected curl packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":6.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":5.9,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":6.1,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.4","script_family":"Huawei Local Security Checks","xrefs":{"IAVA":["2024-A-0457-S","2024-A-0571-S"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1731024000000,"210684"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210683","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-24791","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791"},{"id_type":"cve","id":"CVE-2024-34156","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?65b87afb"}],"description":"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.This is a follow-up to CVE-2022-30635.(CVE-2024-34156)\n\n\n The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect:\n 100-continue' header with a non-informational (200 or higher) status.This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending 'Expect: 100-continue' requests which elicit a non-informational response from the backend.Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.(CVE-2024-24791)\n\nTenable has extracted the preceding description block directly from the EulerOS golang security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210683","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-2906)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected golang packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210683"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210682","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-41957","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41957"},{"id_type":"cve","id":"CVE-2024-41965","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41965"},{"id_type":"cve","id":"CVE-2024-43374","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374"},{"id_type":"cve","id":"CVE-2024-43802","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43802"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?d4bf0d31"}],"description":"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Vim is an open source command line text editor.double-free in dialog_changed() in Vim v9.1.0648.When abandoning a buffer, Vim may ask the user what to do with the modified buffer.If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet.However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash.The issue has been fixed as of Vim patch v9.1.0648.(CVE-2024-41965)\n\n Vim is an open source command line text editor.Vim v9.1.0647 has double free in src/alloc.c:616.When closing a window, the corresponding tagstack data will be cleared and freed.However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception.Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim.The issue has been fixed as of Vim patch v9.1.0647(CVE-2024-41957)\n\n The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling.When adding a new file to the argument list, this triggers `Buf*` autocommands.If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying.Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free.Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim.The issue has been fixed as of Vim patch v9.1.0678.(CVE-2024-43374)\n\n Vim is an improved version of the unix vi text editor.When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g.ins_typebuf().Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position.If not, fall back to flush current typebuf contents.It's not quite clear yet, what can lead to this situation.It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size.Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition.But when this happens, this will cause a crash.The issue has been fixed as of Vim patch v9.1.0697.Users are advised to upgrade.There are no known workarounds for this issue.(CVE-2024-43802)\n\nTenable has extracted the preceding description block directly from the EulerOS vim security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210682","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : vim (EulerOS-SA-2024-2898)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected vim packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P","cvssv3_temporal_score":4.6,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.6,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210682"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210681","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-43167","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43167"},{"id_type":"cve","id":"CVE-2024-43168","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43168"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?51309163"}],"description":"According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.(CVE-2024-43167)\n\n A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)\n\nTenable has extracted the preceding description block directly from the EulerOS unbound security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210681","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-2840)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected unbound packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":4.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_temporal_score":4.2,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.2,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.3,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.2","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1731024000000,"210681"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210680","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"IAVA","id":"2024-A-0543","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2023-52426","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426"},{"id_type":"cve","id":"CVE-2024-45490","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490"},{"id_type":"cve","id":"CVE-2024-45491","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491"},{"id_type":"cve","id":"CVE-2024-45492","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?1dd9f236"}],"description":"According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426)\n\n An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490)\n\n An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491)\n\n An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45492)\n\nTenable has extracted the preceding description block directly from the EulerOS expat security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Critical","script_id":"210680","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2827)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected expat packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":9.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":8.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":7.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":10,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Critical","cvssv3_risk_factor":"Critical","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{"IAVA":["2024-A-0543"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Critical","cvssV3Severity":"Critical","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Critical"},"sort":[1731024000000,"210680"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210679","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-2347","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2347"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?5c3fc706"}],"description":"According to the versions of the uboot-tools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n There exists an unchecked length field in UBoot.The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command.Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.(CVE-2022-2347)\n\nTenable has extracted the preceding description block directly from the EulerOS uboot-tools security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210679","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : uboot-tools (EulerOS-SA-2024-2896)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected uboot-tools packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.1,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":6.4,"rating":null,"cvssv2_vector_base":"AV:L/AC:H/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":4.9,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":6.2,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"7.3","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"High","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"High","severity":"Medium"},"sort":[1731024000000,"210679"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210678","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-7006","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?c50474f1"}],"description":"According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.(CVE-2024-7006)\n\nTenable has extracted the preceding description block directly from the EulerOS libtiff security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210678","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2024-2816)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected libtiff packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210678"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210677","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-35176","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35176"},{"id_type":"cve","id":"CVE-2024-39908","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908"},{"id_type":"cve","id":"CVE-2024-41123","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123"},{"id_type":"cve","id":"CVE-2024-41946","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946"},{"id_type":"cve","id":"CVE-2024-43398","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?e4c77c37"}],"description":"According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n REXML is an XML toolkit for Ruby.The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API.The REXML gem 3.3.3 or later include the patch to fix the vulnerability.(CVE-2024-41946)\n\n REXML is an XML toolkit for Ruby.The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `]` and `]`.The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.(CVE-2024-41123)\n\n REXML is an XML toolkit for Ruby.The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes.If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability.If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected.The REXML gem 3.3.6 or later include the patch to fix the vulnerability.(CVE-2024-43398)\n\n REXML is an XML toolkit for Ruby.The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as ``, `0` and `%`.If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities.The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.Users are advised to upgrade.Users unable to upgrade should avoid parsing untrusted XML strings.(CVE-2024-39908)\n\n REXML is an XML toolkit for Ruby.The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many ``s in an attribute value.Those who need to parse untrusted XMLs may be impacted to this vulnerability.The REXML gem 3.2.7 or later include the patch to fix this vulnerability.As a workaround, don't parse untrusted XMLs.(CVE-2024-35176)\n\nTenable has extracted the preceding description block directly from the EulerOS ruby security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210677","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2895)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected ruby packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210677"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210676","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"IAVA","id":"2024-A-0457-S","type":"advisory","url":null},{"id_type":"IAVA","id":"2024-A-0571-S","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-7264","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264"},{"id_type":"cve","id":"CVE-2024-8096","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?ad805de6"}],"description":"According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the\n *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.(CVE-2024-7264)\n\n When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.(CVE-2024-8096)\n\nTenable has extracted the preceding description block directly from the EulerOS curl security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210676","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2809)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected curl packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":6.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":5.9,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":6.1,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.4","script_family":"Huawei Local Security Checks","xrefs":{"IAVA":["2024-A-0457-S","2024-A-0571-S"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1731024000000,"210676"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210675","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-41957","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41957"},{"id_type":"cve","id":"CVE-2024-41965","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41965"},{"id_type":"cve","id":"CVE-2024-43374","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43374"},{"id_type":"cve","id":"CVE-2024-43802","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43802"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?3fca203c"}],"description":"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception.\n Impact is low since the user must intentionally execute vim with several non-default flags,but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647(CVE-2024-41957)\n\n Vim is an open source command line text editor. double-free in dialog_changed() in Vim v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet.\n However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.(CVE-2024-41965)\n\n The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.(CVE-2024-43374)\n\n Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g.\n ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2024-43802)\n\nTenable has extracted the preceding description block directly from the EulerOS vim security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210675","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP9 : vim (EulerOS-SA-2024-2823)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected vim packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P","cvssv3_temporal_score":4.6,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.6,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.4","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210675"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210674","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2022-48622","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?1206da37"}],"description":"According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file.A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack.This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622)\n\nTenable has extracted the preceding description block directly from the EulerOS gdk-pixbuf2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210674","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : gdk-pixbuf2 (EulerOS-SA-2024-2904)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected gdk-pixbuf2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":7,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.2,"cvssv3_temporal_vector_base":"E:P/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:P/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"High"},"sort":[1731024000000,"210674"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210673","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-6345","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6345"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?5c063f37"}],"description":"According to the versions of the python-setuptools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.(CVE-2024-6345)\n\nTenable has extracted the preceding description block directly from the EulerOS python-setuptools security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Critical","script_id":"210673","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : python-setuptools (EulerOS-SA-2024-2837)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected python-setuptools packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":8.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":7.7,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":7.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":10,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Critical","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"5.9","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Critical","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Critical"},"sort":[1731024000000,"210673"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210672","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-43167","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43167"},{"id_type":"cve","id":"CVE-2024-43168","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43168"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?8cc28a18"}],"description":"According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption.This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution.This could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)\n\n A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound.This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault.When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash.This issue can result in a denial of service by causing the application to terminate unexpectedly.(CVE-2024-43167)\n\nTenable has extracted the preceding description block directly from the EulerOS unbound security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210672","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : unbound (EulerOS-SA-2024-2897)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected unbound packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":4.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_temporal_score":4.2,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:P/A:P","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","cvssv4_vector":null,"cvssv2_temporal_score":3.2,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.3,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"4.2","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Medium"},"sort":[1731024000000,"210672"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210671","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2023-50782","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?e14b88f2"}],"description":"According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A flaw was found in the python-cryptography package.This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.(CVE-2023-50782)\n\nTenable has extracted the preceding description block directly from the EulerOS python-cryptography security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210671","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-2912)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected python-cryptography packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:C/I:N/A:N","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210671"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210670","_score":null,"_source":{"plugin_modification_date":"2024-11-15T00:00:00","references":[{"id_type":"IAVB","id":"2024-B-0074-S","type":"advisory","url":null},{"id_type":"cve","id":"CVE-2024-29508","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29508"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?a4397ffd"}],"description":"According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.(CVE-2024-29508)\n\nTenable has extracted the preceding description block directly from the EulerOS ghostscript security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Low","script_id":"210670","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-2886)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected ghostscript packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":3.3,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N","cvssv3_temporal_score":2.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:S/C:P/I:N/A:N","cvssv3_vector_base":"AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvssv4_vector":null,"cvssv2_temporal_score":1.3,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":1.7,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Low","cvssv3_risk_factor":"Low","cvssv4_risk_factor":null},"vpr_score":"1.4","script_family":"Huawei Local Security Checks","xrefs":{"IAVB":["2024-B-0074-S"]},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/15/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"vprSeverity":"Low","severity":"Low"},"sort":[1731024000000,"210670"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210669","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-25629","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?e20910cc"}],"description":"According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n c-ares is a C library for asynchronous DNS requests.`ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/ nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file.If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash.This issue is fixed in c-ares 1.27.0.No known workarounds exist.(CVE-2024-25629)\n\nTenable has extracted the preceding description block directly from the EulerOS c-ares security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210669","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2024-2881)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected c-ares packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":4.4,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:H/Au:S/C:N/I:P/A:C","cvssv3_temporal_score":3.9,"rating":null,"cvssv2_vector_base":"AV:L/AC:H/Au:S/C:N/I:P/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":3.3,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.5,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210669"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210668","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-7006","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?6c690eff"}],"description":"According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`.This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault.This can cause an application crash, eventually leading to a denial of service.(CVE-2024-7006)\n\nTenable has extracted the preceding description block directly from the EulerOS libtiff security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"High","script_id":"210668","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2024-2889)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected libtiff packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":7.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":6.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":5.8,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":7.8,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"High","cvssv3_risk_factor":"High","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"vprSeverity":"Low","severity":"High"},"sort":[1731024000000,"210668"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210667","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2023-39328","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39328"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?58249f53"}],"description":"According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.(CVE-2023-39328)\n\nTenable has extracted the preceding description block directly from the EulerOS openjpeg2 security advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","risk_factor":"Medium","script_id":"210667","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing a security update.","script_name":"EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2024-2818)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected openjpeg2 packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":5.5,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C","cvssv3_temporal_score":4.8,"rating":null,"cvssv2_vector_base":"AV:L/AC:L/Au:N/C:N/I:N/A:C","cvssv3_vector_base":"AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvssv4_vector":null,"cvssv2_temporal_score":3.6,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":4.9,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Medium","cvssv3_risk_factor":"Medium","cvssv4_risk_factor":null},"vpr_score":"3.6","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Low","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"vprSeverity":"Low","severity":"Medium"},"sort":[1731024000000,"210667"]},{"_index":"1730133371790_plugin_en_us_nessus","_type":"_doc","_id":"210666","_score":null,"_source":{"plugin_modification_date":"2024-11-08T00:00:00","references":[{"id_type":"cve","id":"CVE-2024-45490","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490"},{"id_type":"cve","id":"CVE-2024-45491","type":"vulnerability","url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491"},{"id_type":null,"id":null,"type":"unknown","url":"http://www.nessus.org/u?973e3d37"}],"description":"According to the versions of the xmlrpc-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n An issue was discovered in libexpat before 2.6.3.xmlparse.c does not reject a negative length for XML_ParseBuffer.(CVE-2024-45490)\n\n An issue was discovered in libexpat before 2.6.3.dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).(CVE-2024-45491)\n\nTenable has extracted the preceding description block directly from the EulerOS xmlrpc-c security advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.","risk_factor":"Critical","script_id":"210666","available_languages":["en_US"],"synopsis":"The remote EulerOS host is missing multiple security updates.","script_name":"EulerOS 2.0 SP10 : xmlrpc-c (EulerOS-SA-2024-2919)","language_code":"en_US","supported_sensors":[{"label":"Nessus","value":"nessus"}],"solution":"Update the affected xmlrpc-c packages.","plugin_type":"local","sensor":"nessus","plugin_publication_date":"2024-11-08T00:00:00","cvss":{"cvssv3_score":9.8,"cvssv4_score":null,"cvssv3_environmental_vector":null,"cvssv2_vector":"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_temporal_score":8.5,"rating":null,"cvssv2_vector_base":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvssv3_vector_base":"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cvssv3_environmental_score":null,"cvssv3_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvssv4_vector":null,"cvssv2_temporal_score":7.4,"source":null,"cvssv2_environmental_score":null,"cvssv2_temporal_vector":null,"cvssv4_threat_vector":null,"cvssv2_score":10,"cvssv3_temporal_vector_base":"E:U/RL:O/RC:C","cvssv3_version":"3.0","cvssv4_threat_score":null,"cvssv3_temporal_vector":"CVSS:3.0/E:U/RL:O/RC:C","cvssv2_temporal_vector_base":null,"cvssv2_environmental_vector":null,"cvssv2_risk_factor":"Critical","cvssv3_risk_factor":"Critical","cvssv4_risk_factor":null},"vpr_score":"6.7","script_family":"Huawei Local Security Checks","xrefs":{},"pluginPublicationDate":"11/8/2024","pluginModificationDate":"11/8/2024","locale":"en","availableLocales":["en"],"vpr_risk_factor":"Medium","cisaKnownExploitedDate":null,"configurationMessages":[],"cvssV2Severity":"Critical","cvssV3Severity":"Critical","cvssV4Severity":null,"vprSeverity":"Medium","severity":"Critical"},"sort":[1731024000000,"210666"]}],"total":12247,"type":"nessus","family":"Huawei Local Security Checks","page":1,"apiUrl":"https://www.tenable.com/plugins/api/v1/nessus/families/Huawei%20Local%20Security%20Checks?page=1"},"cookies":{},"user":null,"flash":null,"env":{"baseUrl":"https://www.tenable.com","host":"www.tenable.com","ga4TrackingId":""},"isUnsupportedBrowser":true,"__N_SSP":true},"page":"/plugins/[type]/families/[family]","query":{"type":"nessus","family":"Huawei Local Security Checks"},"buildId":"l4vcnKDxIXiOkUtvMoFnX","isFallback":false,"isExperimentalCompile":false,"gssp":true,"appGip":true,"locale":"en","locales":["en","de","es","fr","ja","ko","zh-CN","zh-TW"],"defaultLocale":"en","domainLocales":[{"domain":"www.tenable.com","defaultLocale":"en"},{"domain":"de.tenable.com","defaultLocale":"de"},{"domain":"es-la.tenable.com","defaultLocale":"es"},{"domain":"fr.tenable.com","defaultLocale":"fr"},{"domain":"jp.tenable.com","defaultLocale":"ja"},{"domain":"kr.tenable.com","defaultLocale":"ko"},{"domain":"www.tenablecloud.cn","defaultLocale":"zh-CN"},{"domain":"zh-tw.tenable.com","defaultLocale":"zh-TW"}],"scriptLoader":[]}</script></body></html>