Since last Friday the agents on 2 of our Linux servers suddenly discover hundreds of new vulnerabilities. Most of the vulnerabilities seem really old, although still active in some cases because the distributions decided not to patch because of a low risk. Did something change the way the agent is searching?
Snippet of the vulnerability list of one of the servers:
Thanks for raising this! We’re here to support you. Could you please log a support ticket referencing this issue? If you’ve already created one, feel free to share the ticket number here.
We’ll make sure to follow up through the support case.
I indeed created a support case. Number is 09571873.
When there is news I will update this topic.
I’m currently only facing this problem with machines running Debian. I’m also running a couple of Rocky Linux servers which don’t have this issue. Also, I checked some high-risk vulns, which were all old and marked as negligible risk or no real vulnerability by Debian.
We are having the same issue with all our Debian 11 devices.
A huge increase in vulnerabilities.
The numbers haven’t reduced in recent days like other customers have reported above.
I’ve received a detailed explanation regarding the recent flagging of no-fix vulnerabilities. Our engineering team is preparing to launch a new feature for no-fix vulnerability coverage. As part of this rollout, no-fix content for Debian was published behind a feature flag, which is disabled by default. However, due to a misalignment between the feature’s implementation and initial expectations, this content was inadvertently included in agent scan results prior to the feature’s official release.
An update was released on Thursday, May 22nd (content version 1.1.3569), which should address any previously detected no-fix findings. Going forward, Debian no-fix vulnerabilities will only appear once the feature is officially launched and enabled for customers.
For me the list has been reduced a lot, only a bunch of openssl reports are left since it seems to falsely report an old version is installed. But that’s a different issue I guess.