Linux agent suddenly discovering loads of vulnerabilities

Hi,

Since last Friday the agents on 2 of our Linux servers have suddenly been discovering hundreds of new vulnerabilities. Most of the vulnerabilities seem really old, although still active in some cases because the distributions decided not to patch because of a low risk. Did something change in the way the agent is searching?

Snippet of the vulnerability list of one of the servers:

Here you can see it went from 3 to 1885 vulnerabilities. After upgrading to Debian 11 it went down but still a lot are left.


We are facing the same issue currently, have you managed to get a response or fix the issue?

Hi Team,

Thanks for raising this! We’re here to support you. Could you please log a support ticket referencing this issue? If you’ve already created one, feel free to share the ticket number here.

We’ll make sure to follow up through the support case.

Thanks again!

I indeed created a support case. Number is 09571873.

When there is news I will update this topic.

I’m currently only facing this problem with machines running Debian. I’m also running a couple of Rocky Linux servers which don’t have this issue. Also, I checked some high-risk vulns, which were all old and marked as negligible risk or no real vulnerability by Debian.

Hello, facing the same issue with Debian 11 and 12, but it seems solved since this morning. What about you?

You are right! A manageable amount of issues are left. Didn’t get a response to my case so I assume it was just a bug that was fixed.

Edit: Not completely solved for me, still fixed vulnerabilities in the list.

Yeah, same for me, there are still a few issues fixed, but I’d say 95% are gone. Let’s keep an eye on that, I think they’re working on it.

Same with me :phew:

We are having the same issue with all our Debian 11 devices.
A huge increase in vulnerabilities.
The numbers haven’t reduced in recent days like other customers have reported above.

Support Case: 09577447

Update from support:

I’ve received a detailed explanation regarding the recent flagging of no-fix vulnerabilities. Our engineering team is preparing to launch a new feature for no-fix vulnerability coverage. As part of this rollout, no-fix content for Debian was published behind a feature flag, which is disabled by default. However, due to a misalignment between the feature’s implementation and initial expectations, this content was inadvertently included in agent scan results prior to the feature’s official release.

An update was released on Thursday, May 22nd (content version 1.1.3569), which should address any previously detected no-fix findings. Going forward, Debian no-fix vulnerabilities will only appear once the feature is officially launched and enabled for customers.

For me the list has been reduced a lot, only a bunch of openssl reports are left since it seems to falsely report an old version is installed. But that’s a different issue I guess.