The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A nil pointer dereference in the golang.org/x/crypto/ssh component through     v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH     servers. (CVE-2020-29652)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1796 advisory.

  - A nil pointer dereference in the golang.org/x/crypto/ssh component through     v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH     servers. (CVE-2020-29652)

  - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including     from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by     default and do not require authentication. This issue affects Podman 1.8.0 onwards. (CVE-2021-20199)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1796 advisory.

  - golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

  - podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1796 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

    * podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of golang installed on the remote host is prior to 1.18.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1830 advisory.

    A null pointer dereference vulnerability was found in golang. When using the library's ssh server without     specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client     connection using the  authentication method and cause the server to panic resulting in a denial of     service. The highest threat from this vulnerability is to system availability. (CVE-2020-29652)

    A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a     large PEM input (more than 5 MB) ), causing a stack overflow in Decode, which leads to a loss of     availability. (CVE-2022-24675)

    An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to     use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to     panic, leading to a loss of availability. (CVE-2022-28327)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1796 advisory.

    - address CVE-2019-19921 by updating to rc10

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory.

  - The go command may execute arbitrary code at build time when using cgo. This may occur when running go     get on a malicious module, or when running any other command which builds untrusted code. This is can by     triggered by linker flags, specified via a #cgo LDFLAGS directive. Flags containing embedded spaces are     mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in     the argument of another flag. This only affects usage of the gccgo compiler. (CVE-2023-29405)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900)

  - The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
    (CVE-2022-33987)

  - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the     name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. (CVE-2022-37601)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
251654	Linux Distros Unpatched Vulnerability : CVE-2020-29652	Nessus	Misc.	8/18/2025	9/4/2025	high
184546	Rocky Linux 8 : container-tools:rhel8 (RLSA-2021:1796)	Nessus	Rocky Linux Local Security Checks	11/6/2023	12/8/2023	medium
150033	CentOS 8 : container-tools:rhel8 (CESA-2021:1796)	Nessus	CentOS Local Security Checks	5/28/2021	12/28/2023	medium
149688	RHEL 8 : container-tools:rhel8 (RHSA-2021:1796)	Nessus	Red Hat Local Security Checks	5/19/2021	3/13/2025	medium
163918	Amazon Linux 2 : golang, --advisory ALAS2-2022-1830 (ALAS-2022-1830)	Nessus	Amazon Linux Local Security Checks	8/8/2022	9/24/2025	high
155323	Oracle Linux 8 : container-tools:ol8 (ELSA-2021-1796)	Nessus	Oracle Linux Local Security Checks	11/12/2021	11/1/2024	medium
194928	Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)	Nessus	CGI abuses	5/2/2024	7/29/2024	critical

Detections

Analytics

Plugins Search

high

medium

medium

medium

high

medium

critical