リモートの SUSE Linux SLES12 ホストには、SUSE-SU-2025:03540-1 のアドバイザリに記載された複数の脆弱性の影響を受けるパッケージがインストールされています。

    - docker-stable フォーク以前の履歴変更ログデータを含めます。最初の変更ログのエントリは、技術的には必要な情報をすべて提供していましたが、Tenable の CVE トラッキングツールはパッケージのフォーク方法を理解していないため、このパッケージには約 12 年分の更新に対する修正が含まれていないと思われます。そのため、フォークポイントまで、元のパッケージの変更ログのコピーを含めます。(bsc#1250596)

    - SLE での git-core 推奨を削除します。ほとんどの SLE システムは、デフォルトで installRecommends=yes を設定しているため、Docker で git がインストールされます。
      bsc#1250508

      この機能は、主に開発者向け (「docker build git://」) であり、多くのユーザーはすでに依存関係をインストール済みです。また、git がない場合のエラーは比較的わかりやすく、インストールする必要のあるものを簡単に特定できます。

    - バックポート <https://github.com/moby/moby/pull/48517>。 bsc#1247362

    - docker-buildx v0.25.0 に更新します。Upstream 変更ログ。
      <https://github.com/docker/buildx/releases/tag/v0.25.0>

    - Rootless Docker モードでは、Docker がホストの zypper 認証情報へのアクセス許可を持たないため、SUSEConnect のシークレットを注入しないでください (特権のないユーザーは /etc/docker/suse-secrets-enable を使用してもこの機能を無効化できません)。(bsc#1240150)

    - Docker 24.0.7-ce リリース (2024 年 2 月 14 日にパッケージ化) からフォークされた、初期の docker-stable フォーク。以下に、履歴用の元の変更ログを示します。

Tenable は、前述の記述ブロックを SUSE セキュリティアドバイザリから直接抽出しています。

Nessus はこれらの問題をテストしておらず、代わりにアプリケーションが自己報告するバージョン番号にのみ依存していることに注意してください。

リモートホストにインストールされている Splunk のバージョンは、テスト済みバージョンより前です。したがって、SVD-2023-0613 のアドバイザリに記載されている脆弱性の影響を受けます。

  - p 変数を介した Node.js の 0.8.3より前の xmldom (@xmldom/xmldom として公開済み) パッケージの dom.js の関数 copy にプロトタイプ汚染の脆弱性が存在します。注意: ベンダーは、弊社がこのレポートを無効とする手続きを行っていると述べています。ただし、一部のサードパーティは、プロトタイプインジェクション/プロトタイプの汚染は、グローバルオブジェクトが再帰マージまたはディープクローンで汚染されるだけでなく、ターゲットオブジェクトが汚染される場合もあると考えています。(CVE-2022-37616)

  - curl < 7.84.0が Cookie、alt-svc、hsts のデータをローカルファイルに保存するとき、一時的な名前から最終的なターゲットファイル名への名前変更で操作をファイナライゼーションすることで、操作をアトミックにします。この名前変更操作で、偶発的に、ターゲットファイルの権限を *拡大* し、意図したよりも多くのユーザーが更新済みファイルにアクセスできるようになる可能性があります。(CVE-2022-32207)

  - 2.10.3より前の libxml2 で問題が発見されました。XML_PARSE_HUGE パーサーオプションを有効にしてマルチギガバイトの XML ドキュメントを解析すると、いくつかの整数カウンターがオーバーフローする可能性があります。これにより、負の 2GB オフセットで配列へのアクセスが試行され、通常はセグメンテーション違反が発生します。(CVE-2022-40303)

  - 2.10.3より前の libxml2 で問題が発見されました。特定の無効な XML エンティティ定義により、ハッシュテーブルキーが破損し、後続のロジックエラーが発生する可能性があります。ある場合では、二重解放が引き起こされる可能性があります。(CVE-2022-40304) 

  - X.509 GeneralName 内の X.400 アドレス処理に関連する型の取り違えの脆弱性があります。
    X.400 アドレスは ASN1_STRING として解析されていましたが、GENERAL_NAME のパブリック構造体の定義で x400Address フィールドのタイプが ASN1_TYPE として不適切に指定されていました。このフィールドは、その後、OpenSSL 関数 GENERAL_NAME_cmp によって、ASN1_STRING ではなく ASN1_TYPE として解釈されます。CRL チェックが有効な場合 (アプリケーションが X509_V_FLAG_CRL_CHECK フラグを設定するなど)、この脆弱性により、攻撃者が任意のポインターを memcmp 呼び出しに渡し、メモリの内容を読み取ったり、サービス拒否を引き起こしたりする可能性があります。ほとんどの場合、攻撃者は証明書チェーンと CRL の両方を提供する必要があります。どちらも有効な署名を必要としません。攻撃者がこれらの入力の 1 つのみをコントロールする場合、他の入力には CRL 配布ポイントとして X.400 アドレスがすでに含められている必要がありますが、これはよくあることではありません。このため、この脆弱性の影響を受ける可能性が最も高いのは、ネットワークを介して CRL を取得するための独自の機能を実装しているアプリケーションのみです。(CVE-2023-0286)

Nessus はこの問題をテストしておらず、代わりにアプリケーションが自己報告するバージョン番号にのみ依存していることに注意してください。

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1705.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2303 advisory.

    2023-10-30: CVE-2023-29409 was added to this advisory.

    2023-10-30: CVE-2023-3978 was added to this advisory.

    2023-10-30: CVE-2023-29406 was added to this advisory.

    2023-10-30: CVE-2023-24540 was added to this advisory.

    The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an     attacker to panic an SSH server. (CVE-2021-43565)

    http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723)

    Templates did not properly consider backticks (`) as Javascript string delimiters, and as such didnot     escape them as expected. Backticks are used, since ES6, for JS template literals. If a templatecontained a     Go template action within a Javascript template literal, the contents of the action couldbe used to     terminate the literal, injecting arbitrary Javascript code into the Go template. (CVE-2023-24538)

    html/template: improper handling of JavaScript whitespace.

    Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing     whitespace characters outside of the character set \t\n\f\r\u0020\u2028\u2029 in JavaScript contexts     that also contain actions may not be properly sanitized during execution. (CVE-2023-24540)

    The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host     header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send     requests containing an invalid Request.Host or Request.URL.Host value. (CVE-2023-29406)

    Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time     verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <=     8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in     circulation with keys larger than this, and all three appear to be test certificates that are not actively     deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so     causing breakage here in the interests of increasing the default safety of users of crypto/tls seems     reasonable. (CVE-2023-29409)

    Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be     escaped to not be. This could lead to an XSS attack. (CVE-2023-3978)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0526-1 advisory.

  - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an     attacker to panic an SSH server. (CVE-2021-43565)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of cf-cli / cri-o / gh / libcontainers-common installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-43565 advisory.

  - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an     attacker to panic an SSH server. (CVE-2021-43565)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1361 advisory.

    Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red     Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade     persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In     addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management     service with an S3 compatible API.

    Security Fix(es):
    * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
    * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
    * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
    * golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

    Bug Fix(es):

    These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of     these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes     for information on the most significant of these changes:

    https://access.redhat.com//documentation/en-     us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index

    All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which     provide numerous bug fixes and enhancements.

    or more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information refer to the CVE     page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1689-1 advisory.

  - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an     attacker to panic an SSH server. (CVE-2021-43565)

  - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in     containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI     implementation on Linux with a specially-crafted image configuration could gain access to read-only copies     of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container     setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.
    Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been     fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
    (CVE-2022-23648)

  - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug     was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with     non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling     programs with inheritable file capabilities to elevate those capabilities to the permitted set during     `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise     unprivileged users and processes can execute those programs and gain the specified file capabilities up to     the bounding set. Due to this bug, containers which included executable programs with inheritable file     capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable     file capabilities up to the container's bounding set. Containers which use Linux users and groups to     perform privilege separation inside the container are most directly impacted. This bug did not affect the     container security sandbox as the inheritable set never contained more capabilities than were included in     the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers     should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes     Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a     workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop     inheritable capabilities prior to the primary process starting. (CVE-2022-24769)

  - The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to     crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory.

  - A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as     @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states we are in     the process of marking this report as invalid; however, some third parties takes the position that A     prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge     or deep cloning but also when a target object is polluted. (CVE-2022-37616)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03540-1 advisory.

    - Include historical changelog data from before the docker-stable fork. The       initial changelog entry did technically provide all the necessary       information, but our CVE tracking tools do not understand how the package is       forked and so it seems that this package does not include fixes for ~12 years       of updates. So, include a copy of the original package's changelog up until       the fork point. (bsc#1250596)

    - Remove git-core recommends on SLE. Most SLE systems have       installRecommends=yes by default and thus end up installing git with Docker.
      bsc#1250508

      This feature is mostly intended for developers ('docker build git://') so       most users already have the dependency installed, and the error when git is       missing is fairly straightforward (so they can easily figure out what they       need to install).

    - Backport <https://github.com/moby/moby/pull/48517>. bsc#1247362

    - Update to docker-buildx v0.25.0. Upstream changelog:
      <https://github.com/docker/buildx/releases/tag/v0.25.0>

    - Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as       Docker does not have permission to access the host zypper credentials in this       mode (and unprivileged users cannot disable the feature using       /etc/docker/suse-secrets-enable.) bsc#1240150

    - Initial docker-stable fork, forked from Docker 24.0.7-ce release       (packaged on 2024-02-14). The original changelog is included below for       historical reference.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
270099	SUSE SLES12 セキュリティ更新 : docker-stable (SUSE-SU-2025:03540-1)	Nessus	SuSE Local Security Checks	10/11/2025	10/11/2025	critical
194919	Splunk Enterprise < 8.1.14、8.2.0 < 8.2.11、9.0.0 < 9.0.5 (SVD-2023-0613)	Nessus	CGI abuses	5/2/2024	7/26/2024	critical
183477	Amazon Linux 2 : amazon-ssm-agent (ALAS-2023-2303)	Nessus	Amazon Linux Local Security Checks	10/20/2023	12/11/2024	critical
158232	openSUSE 15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (openSUSE-SU-2022:0526-1)	Nessus	SuSE Local Security Checks	2/22/2022	3/21/2023	high
204606	CBL Mariner 2.0 Security Update: cf-cli / cri-o / gh / libcontainers-common (CVE-2021-43565)	Nessus	MarinerOS Local Security Checks	7/24/2024	2/10/2025	high
194198	RHEL 8 : Red Hat OpenShift Data Foundation 4.10.0 RPM (RHSA-2022:1361)	Nessus	Red Hat Local Security Checks	4/28/2024	11/7/2024	medium
161237	SUSE SLES15 Security Update : containerd, docker (SUSE-SU-2022:1689-1)	Nessus	SuSE Local Security Checks	5/17/2022	7/13/2023	high
194919	Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)	Nessus	CGI abuses	5/2/2024	7/26/2024	critical
270099	SUSE SLES12 Security Update : docker-stable (SUSE-SU-2025:03540-1)	Nessus	SuSE Local Security Checks	10/11/2025	10/11/2025	critical

Detections

Analytics

Plugins Search

critical

critical

critical

high

high

medium

high

critical

critical