The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2294-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d6157bb1e2 advisory.

    Update to 7.0.4.3.  https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2304-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-7002afbbb8 advisory.

    Update to Ruby on Rails 7.0.4.3.
    https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released





Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2781-1 advisory.

  - A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise     Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap     15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This     issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux     Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server     versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-     server versions prior to 2.10. (CVE-2022-31254)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with     untrusted user input. (CVE-2023-28120)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5389 advisory.

    Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework,     which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression     introduced in previous update that may block certain access for applications using development     environment. For the stable distribution (bullseye), these problems have been fixed in version     2:6.0.3.7+dfsg-2+deb11u2. We recommend that you upgrade your rails packages. For the detailed security     status of rails please refer to its security tracker page at: https://security-     tracker.debian.org/tracker/rails

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2280-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2295-1 advisory.

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart     MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart     parsing to take longer than expected. (CVE-2023-27530)

  - Possible XSS in SafeBuffer#bytesplice [fedora-all] (CVE-2023-28120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
176407	SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2294-1)	Nessus	SuSE Local Security Checks	5/26/2023	7/14/2023	high
173746	Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-d6157bb1e2)	Nessus	Fedora Local Security Checks	4/2/2023	1/10/2025	medium
176411	SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2304-1)	Nessus	SuSE Local Security Checks	5/26/2023	7/14/2023	high
173886	Fedora 37 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-7002afbbb8)	Nessus	Fedora Local Security Checks	4/5/2023	1/10/2025	medium
177990	SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2023:2781-1)	Nessus	SuSE Local Security Checks	7/5/2023	7/14/2023	high
258463	Linux Distros Unpatched Vulnerability : CVE-2023-28120	Nessus	Misc.	8/30/2025	10/14/2025	medium
174384	Debian DSA-5389-1 : rails - security update	Nessus	Debian Local Security Checks	4/15/2023	1/24/2025	medium
176351	SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2280-1)	Nessus	SuSE Local Security Checks	5/25/2023	7/14/2023	high
176406	SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2023:2295-1)	Nessus	SuSE Local Security Checks	5/26/2023	7/14/2023	high

Detections

Analytics

Plugins Search

high

medium

high

medium

high

medium

medium

high

high