The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4068 advisory.

  - The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle,     which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends imbalanced braces as     input, the parsing will enter a loop, which will cause the program to start allocating heap memory without     freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program     will crash. (CVE-2024-4068)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8075 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.19 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.18, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.19 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * braces: fails to limit the number of characters it can handle [eap-7.4.z] (CVE-2024-4068)

    * jose4j: denial of service via specially crafted JWE [eap-7.4.z] (CVE-2023-51775)

    * wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service     (DoS) [eap-7.4.z] (CVE-2024-4029)

    * xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.4.z] (CVE-2022-34169)

    * org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if     SafeList.preserveRelativeLinks is enabled [eap-7.4.z] (CVE-2022-36033)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9a278a7768 advisory.

        Added patch for CVE-2024-4068 (rhbz#2280624)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0951177024 advisory.

        Added patch for CVE-2024-4068 (rhbz#2280624)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9820d9491f advisory.

    Backport security fixes for CVE-2024-4216, CVE-2024-4068, CVE-2024-4067.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8076 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.19 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.18, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.19 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * braces: fails to limit the number of characters it can handle [eap-7.4.z] (CVE-2024-4068)

    * jose4j: denial of service via specially crafted JWE [eap-7.4.z] (CVE-2023-51775)

    * wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service     (DoS) [eap-7.4.z] (CVE-2024-4029)

    * xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.4.z] (CVE-2022-34169)

    * org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if     SafeList.preserveRelativeLinks is enabled [eap-7.4.z] (CVE-2022-36033)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8077 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.19 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.18, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.19 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * braces: fails to limit the number of characters it can handle [eap-7.4.z] (CVE-2024-4068)

    * jose4j: denial of service via specially crafted JWE [eap-7.4.z] (CVE-2023-51775)

    * wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service     (DoS) [eap-7.4.z] (CVE-2024-4029)

    * xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.4.z] (CVE-2022-34169)

    * org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if     SafeList.preserveRelativeLinks is enabled [eap-7.4.z] (CVE-2022-36033)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle,     which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends imbalanced braces as     input, the parsing will enter a loop, which will cause the program to start allocating heap memory without     freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program     will crash. (CVE-2024-4068)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3771-1 advisory.

    - CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967)
    - CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248)
    - CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252)
    - CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being     processed as protocol relative URLs in axios (bsc#1229423)
    - CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS)     (bsc#1224366)
    - CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to     Memory Exhaustion (bsc#1224295)
    - CVE-2024-43788: Fixed webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS     (bsc#1229861)
    - CVE-2024-48948: Fixed elliptic: ECDSA signature verification error due to leading zero may reject     legitimate transactions in elliptic (bsc#1231684)
    - CVE-2024-48949: Fixed elliptic: Missing Validation in Elliptic's EDDSA Signature Verification     (bsc#1231564)
    - CVE-2024-9014: Fixed OAuth2 issue that could lead to information leak (bsc#1230928)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1326-1 advisory.

    - CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when     baseURL is set (bsc#1239308)
    - CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session     if two users authenticate simultaneously via ldap (bsc#1234840)
    - CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01326-1 advisory.

    - CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when     baseURL is set (bsc#1239308)
    - CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session     if two users authenticate simultaneously via ldap (bsc#1234840)
    - CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
201772	CBL Mariner 2.0 Security Update: reaper (CVE-2024-4068)	Nessus	MarinerOS Local Security Checks	7/3/2024	8/5/2025	high
209009	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8075)	Nessus	Red Hat Local Security Checks	10/14/2024	10/14/2024	high
233473	Fedora 40 : nodejs-nodemon (2025-9a278a7768)	Nessus	Fedora Local Security Checks	3/28/2025	3/28/2025	high
233475	Fedora 41 : nodejs-nodemon (2025-0951177024)	Nessus	Fedora Local Security Checks	3/28/2025	3/28/2025	high
202327	Fedora 39 : pgadmin4 (2024-9820d9491f)	Nessus	Fedora Local Security Checks	7/13/2024	9/22/2025	medium
209008	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8076)	Nessus	Red Hat Local Security Checks	10/14/2024	10/14/2024	high
209012	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8077)	Nessus	Red Hat Local Security Checks	10/14/2024	10/14/2024	high
228451	Linux Distros Unpatched Vulnerability : CVE-2024-4068	Nessus	Misc.	3/5/2025	11/19/2025	high
209968	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : pgadmin4 (SUSE-SU-2024:3771-1)	Nessus	SuSE Local Security Checks	10/31/2024	9/24/2025	critical
234538	SUSE SLED15 / SLES15 Security Update : pgadmin4 (SUSE-SU-2025:1326-1)	Nessus	SuSE Local Security Checks	4/17/2025	4/17/2025	high
250270	SUSE SLED15 / SLES15 Security Update : pgadmin4 (SUSE-SU-2025:01326-1)	Nessus	SuSE Local Security Checks	8/15/2025	8/15/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

medium

high

high

high

critical

high

high