XZ Utils 5.6.0 / 5.6.1 SSH 后门程序 (CVE-2024-3094)

critical Nessus 插件 ID 192708

版本 1.56

Oct 30, 2024, 4:21 PM

  • Detection (Process file exclusion wildcards in a consistent way across find, locate, etc.)

Plugin Feed: 202410301621

版本 1.55

Oct 29, 2024, 8:44 PM

  • Logic Changes (Extend structured reporting to vcf_extras)

Plugin Feed: 202410292044

版本 1.53

Oct 23, 2024, 3:47 PM

  • Plugin metadata (update thorough_tests attribute)

Plugin Feed: 202410231547

版本 1.49

Oct 10, 2024, 11:57 PM

  • New

Plugin Feed: 202410102357

版本 1.48

Oct 10, 2024, 4:58 AM

  • Detection (Change dir to $HOME before find commands to handle weird find behavior with escalation.)

Plugin Feed: 202410100458

版本 1.47

Oct 9, 2024, 5:56 PM

  • Logic Changes (Corrects vulnerability-finding structured data tags to include the port.)

Plugin Feed: 202410091756

版本 1.43

Oct 3, 2024, 6:29 PM

  • Detection (Adding hardware constraint support to VCF and UCF)

Plugin Feed: 202410031829

版本 1.42

Oct 2, 2024, 4:10 PM

  • Logic Changes (Adds structured data reports to a subset of manual plugins.)

Plugin Feed: 202410021610

版本 1.41

Sep 26, 2024, 4:34 PM

  • Detection (adding package association overrides)

Plugin Feed: 202409261634

版本 1.40

Sep 25, 2024, 3:12 PM

  • Detection (Adding support for user-supplied timeout value for the find command.)

Plugin Feed: 202409251512

版本 1.37

Sep 11, 2024, 5:35 PM

  • New (Detects QUIC servers running on the target. Implement a NASL QUIC library to support detection of HTTP/3 and possibly more)

Plugin Feed: 202409111735

版本 1.36

Sep 10, 2024, 4:59 PM

  • New

Plugin Feed: 202409101659

版本 1.35

Sep 3, 2024, 11:47 PM

  • Logic Changes (additional data collection for runtime scanning. fixed logic bug causing potential false negatives. fixed logic bug causing potential false positives. fixed logic bug with potential to break cyberark logins)

Plugin Feed: 202409032347

版本 1.33

Sep 3, 2024, 5:26 PM

  • Detection (Support for Aruba CPPM SSH based local checks)

Plugin Feed: 202409031726

版本 1.32

Aug 14, 2024, 8:33 PM

  • Logic Changes (Endianness fix in Kerberos authentication for SCAP scanning)

Plugin Feed: 202408142033

版本 1.31

Aug 14, 2024, 2:40 AM

  • New
  • Plugin requirements (Trusted)

Plugin Feed: 202408140240

版本 1.29

Aug 8, 2024, 4:43 PM

  • Logic Changes (Support OpenSSH private key formats for authentication.)

Plugin Feed: 202408081643

版本 1.25

Jul 24, 2024, 6:31 PM

  • Logic Changes (Modernize SSH usage to optimize behavior on Nessus Agents.. adding AI family)

Plugin Feed: 202407241831

版本 1.24

Jul 23, 2024, 9:24 PM

  • New

Plugin Feed: 202407232124

版本 1.22

Jul 17, 2024, 11:02 PM

  • Logic Changes

Plugin Feed: 202407172302

版本 1.21

Jul 6, 2024, 12:22 AM

  • Detection (Changes to support Juniper Session Smart Router)

Plugin Feed: 202407060022

版本 1.20

Jul 5, 2024, 9:04 PM

  • Detection (Adding detection of Juniper SSR devices)

Plugin Feed: 202407052104

版本 1.19

Jun 27, 2024, 9:09 PM

  • New (Deploy nessus_utils binaries on the Nessus Agent)

Plugin Feed: 202406272109

版本 1.16

Jun 21, 2024, 6:31 PM

  • Detection (updated detection for SonicOS devices)

Plugin Feed: 202406211831

版本 1.15

Jun 21, 2024, 2:16 PM

  • Logic Changes

Plugin Feed: 202406211416

版本 1.14

Jun 14, 2024, 7:07 PM

  • Logic Changes (added additional check for command failures.)

Plugin Feed: 202406141907

版本 1.12

Jun 7, 2024, 12:28 PM

  • IAVM reference
  • STIG Severity

Plugin Feed: 202406071228

版本 1.10

May 20, 2024, 10:13 AM

  • Logic Changes

Plugin Feed: 202405201013

版本 1.9

May 9, 2024, 6:10 PM

  • New

Plugin Feed: 202405091810

版本 1.6

Apr 3, 2024, 1:48 PM

  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C")
  • Exploit attributes ("Exploited by malware" set to "True")

Plugin Feed: 202404031348

版本 1.5

Apr 2, 2024, 10:16 PM

  • Detection (added alternative commands for IOC detection)

Plugin Feed: 202404022216

版本 1.3

Apr 1, 2024, 3:13 PM

  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "True". "Exploitability ease" set to "Exploits are available")

Plugin Feed: 202404011513

版本 1.2

Mar 31, 2024, 9:46 PM

  • Detection (tightening of the check for return conditions from the hexdump command)

Plugin Feed: 202403312146

版本 1.1

Mar 30, 2024, 4:20 PM

  • New

Plugin Feed: 202403301620

版本 1.0

Mar 30, 2024, 1:01 AM

  • New

Plugin Feed: 202403300101

* Changelogs are generally available for changes made after Nov 1, 2022