The version of AHV installed on the remote host is prior to 20220304.242. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.242 advisory.

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in     xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
    (CVE-2021-45960)

  - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It     permits the visual reordering of characters via control sequences, which can be used to craft source code     that renders different logic than the logical ordering of tokens ingested by compilers and interpreters.
    Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted     vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the     following alternative approach to presenting this concern. An issue is noted in the nature of     international text that can affect applications that implement support for The Unicode Standard and the     Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-     right and right-to-left characters, the visual order of tokens may be different from their logical order.
    Additionally, control characters needed to fully support the requirements of bidirectional text can     further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such     that the ordering of tokens perceived by human reviewers does not match what will be processed by a     compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its     document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also     provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode     Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the     BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading     visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.
    (CVE-2021-42574)

  - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the     attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content     to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing     filenames with two or more newlines where selected content and the target file names are embedded in     crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write     arbitrary files on the system. (CVE-2022-1271)

  - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS     extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. (CVE-2021-45417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6181 advisory.

  - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary     files inside the directories of connecting peers. The server chooses which files/directories are sent to     the client. However, the rsync client performs insufficient validation of file names. A malicious rsync     server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory     and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary     files inside the directories of connecting peers. The server chooses which files/directories are sent to     the client. However, the rsync client performs insufficient validation of file names. A malicious rsync     server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory     and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)

  - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a     large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some     common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g.,     see the nodejs/node reference). (CVE-2022-37434)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1873 advisory.

    A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync     server. The server can copy and overwrite arbitrary files in the client's rsync target directory and     subdirectories. This flaw allows a malicious server, or in some cases, another attacker who performs a     man-in-the-middle attack, to potentially overwrite sensitive files on the client machine, resulting in     further exploitation. (CVE-2022-29154)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 21f43976-1887-11ed-9911-40b034429ecf advisory.

  - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary     files inside the directories of connecting peers. The server chooses which files/directories are sent to     the client. However, the rsync client performs insufficient validation of file names. A malicious rsync     server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory     and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2859-1 advisory.

  - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary     files inside the directories of connecting peers. The server chooses which files/directories are sent to     the client. However, the rsync client performs insufficient validation of file names. A malicious rsync     server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory     and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6171 advisory.

    The rsync utility enables the users to copy and synchronize files locally or across a network.
    Synchronization with rsync is fast because rsync only sends the differences in files over the network     instead of sending whole files. The rsync utility is also used as a mirroring tool.

    Security Fix(es):

    * rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-148 advisory.

    A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync     server. The server can copy and overwrite arbitrary files in the client's rsync target directory and     subdirectories. This flaw allows a malicious server, or in some cases, another attacker who performs a     man-in-the-middle attack, to potentially overwrite sensitive files on the client machine, resulting in     further exploitation. (CVE-2022-29154)

    A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the     inflate.c function via a large gzip header extra field. This flaw is only applicable in the call     inflateGetHeader. (CVE-2022-37434)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0153 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2022-29154:
    A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync     server. The server can copy and overwrite arbitrary files in the client's rsync target directory and     subdirectories. This flaw allows a malicious server, or in some cases, another attacker who performs a     man-in-the-middle attack, to potentially overwrite sensitive files on the client machine, resulting in     further exploitation.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of AHV installed on the remote host is prior to 20220304.10013. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10013 advisory.

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in     xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
    (CVE-2021-45960)

  - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the     attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content     to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing     filenames with two or more newlines where selected content and the target file names are embedded in     crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write     arbitrary files on the system. (CVE-2022-1271)

  - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5     allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR     and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116)

  - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as     demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this     is similar to CVE-2020-26116. (CVE-2020-26137)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.2 advisory.

  - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5     allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR     and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116)

  - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as     demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this     is similar to CVE-2020-26116. (CVE-2020-26137)

  - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to     remote code execution in certain Python applications that accept floating-point numbers as untrusted     input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used     unsafely. (CVE-2021-3177)

  - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the     attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content     to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing     filenames with two or more newlines where selected content and the target file names are embedded in     crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write     arbitrary files on the system. (CVE-2022-1271)

  - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged     user to gain root privileges. The bug allows to build several exploit primitives such as kernel address     information leak, arbitrary execution, etc. (CVE-2022-1729)

  - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated     user to potentially enable information disclosure via local access. (CVE-2022-21123)

  - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

  - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1,     17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
    Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web     Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from     the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using     APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
    (CVE-2022-21540)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1,     17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle     GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments,     typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load     and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for     security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through     a web service which supplies data to the APIs. (CVE-2022-21541)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,     11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can     result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM     Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in     clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run     untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This     vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service     which supplies data to the APIs. (CVE-2022-21619)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1,     17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2022-21624)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,     11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a     partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This     vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start     applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the     internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using     APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
    (CVE-2022-21626)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341,     8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). (CVE-2022-21628)

  - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function     and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for     the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream     object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)

  - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary     files inside the directories of connecting peers. The server chooses which files/directories are sent to     the client. However, the rsync client performs insufficient validation of file names. A malicious rsync     server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory     and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)

  - VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious     actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the     virtual machine. (CVE-2022-31676)

  - The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious     XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler     and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being     retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes     (such as OpenJDK) include repackaged copies of Xalan. (CVE-2022-34169)

  - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the     Form authentication example in the examples web application displayed user provided data without     filtering, exposing a XSS vulnerability. (CVE-2022-34305)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

  - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

  - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited     alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass     access controls and manipulate the multipath setup. This can lead to local privilege escalation to root.
    This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used     instead of bitwise OR. (CVE-2022-41974)

  - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was     configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x     only), Tomcat did not reject a request containing an invalid Content-Length header making a request     smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the     request with the invalid header. (CVE-2022-42252)

  - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that     may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit     platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other     platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.
    (CVE-2022-42898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
170564	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.242)	Nessus	Misc.	1/25/2023	1/21/2026	critical
184580	Rocky Linux 9 : rsync (RLSA-2022:6181)	Nessus	Rocky Linux Local Security Checks	11/6/2023	11/14/2023	high
166864	EulerOS 2.0 SP10 : rsync (EulerOS-SA-2022-2664)	Nessus	Huawei Local Security Checks	11/2/2022	10/5/2023	critical
167228	Amazon Linux 2 : rsync (ALAS-2022-1873)	Nessus	Amazon Linux Local Security Checks	11/9/2022	12/11/2024	high
164054	FreeBSD : rsync -- client-side arbitrary file write vulnerability (21f43976-1887-11ed-9911-40b034429ecf)	Nessus	FreeBSD Local Security Checks	8/11/2022	10/16/2023	high
164302	SUSE SLES12 Security Update : rsync (SUSE-SU-2022:2859-1)	Nessus	SuSE Local Security Checks	8/20/2022	7/14/2023	high
164400	RHEL 8 : rsync (RHSA-2022:6171)	Nessus	Red Hat Local Security Checks	8/25/2022	11/7/2024	high
166125	Amazon Linux 2022 : rsync, rsync-daemon (ALAS2022-2022-148)	Nessus	Amazon Linux Local Security Checks	10/14/2022	12/11/2024	critical
238710	TencentOS Server 3: rsync (TSSA-2022:0153)	Nessus	Tencent Local Security Checks	6/16/2025	11/20/2025	high
170654	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10013)	Nessus	Misc.	1/25/2023	1/21/2026	critical
170627	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.2)	Nessus	Misc.	1/25/2023	1/21/2026	critical

Detections

Analytics

Plugins Search

critical

high

critical

high

high

high

high

critical

high

critical

critical