| Reporter | Title | Published | Views | Family All 1401 |
|---|---|---|---|---|
| Important Photon OS Security Update - PHSA-2026-5.0-0744 | 21 Jan 202600:00 | – | photon | |
| Important Photon OS Security Update - PHSA-2025-5.0-0714 | 16 Dec 202500:00 | – | photon | |
| Important Photon OS Security Update - PHSA-2026-4.0-0953 | 30 Jan 202600:00 | – | photon | |
| Important Photon OS Security Update - PHSA-2026-4.0-1008 | 1 May 202600:00 | – | photon | |
| PT-2025-25565 | 1 Jan 202500:00 | – | ptsecurity | |
| PT-2025-49260 | 1 Jan 202500:00 | – | ptsecurity | |
| PT-2025-49261 | 1 Jan 202500:00 | – | ptsecurity | |
| PT-2025-49263 | 1 Jan 202500:00 | – | ptsecurity | |
| PT-2026-2060 | 7 Jan 202600:00 | – | ptsecurity | |
| PT-2026-32707 | 13 Apr 202600:00 | – | ptsecurity |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(303428);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/24");
script_cve_id(
"CVE-2025-14104",
"CVE-2025-48976",
"CVE-2025-66418",
"CVE-2025-66471",
"CVE-2026-21441"
);
script_name(english:"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.15)");
script_set_attribute(attribute:"synopsis", value:
"The Nutanix AOS host is affected by multiple vulnerabilities .");
script_set_attribute(attribute:"description", value:
"The version of AOS installed on the remote host is prior to 7.0.1.15. It is, therefore, affected by multiple
vulnerabilities as referenced in the NXSA-AOS-7.0.1.15 advisory.
- urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient
handling of large HTTP responses by reading the content in chunks, rather than loading the entire response
body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-
Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library
decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and
prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to
drain the connection and decompress the content unnecessarily. This decompression occurred even before any
read methods were called, and configured read limits did not restrict the amount of decompressed data. As
a result, there was no safeguard against decompression bombs. A malicious server could exploit this to
trigger excessive resource consumption on the client. Applications and libraries are affected when they
stream content from untrusted sources by setting `preload_content=False` when they do not disable
redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content
of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable
redirects by setting `redirect=False` for requests to untrusted source. (CVE-2026-21441)
- Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in
Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from
2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the
issue. (CVE-2025-48976)
- A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte
usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils
utilities writing to the password database. (CVE-2025-14104)
- urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0,
the number of links in the decompression chain was unbounded allowing a malicious server to insert a
virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation
for the decompressed data. This vulnerability is fixed in 2.6.0. (CVE-2025-66418)
- urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the
Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the
efficient handling of large HTTP responses by reading the content in chunks, rather than loading the
entire response body into memory at once. When streaming a compressed response, urllib3 can perform
decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd).
The library must read compressed data from the network and decompress it until the requested chunk size is
met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for
the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of
highly compressed data in a single operation. This can result in excessive resource consumption (high CPU
usage and massive memory allocation for the decompressed data. (CVE-2025-66471)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-7.0.1.15
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?14b75092");
script_set_attribute(attribute:"solution", value:
"Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism
Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product
Interoperability page on the Nutanix portal.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-21441");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2026/03/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:nutanix:aos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nutanix_collect.nasl");
script_require_keys("Host/Nutanix/Data/lts", "Host/Nutanix/Data/Service", "Host/Nutanix/Data/Version", "Host/Nutanix/Data/arch");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::nutanix::get_app_info();
var constraints = [
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.0.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.11', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.12', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.14', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.11', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.13', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.14', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.0.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.7.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.8.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.11', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.12', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '6.10.1.14', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.11', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.13', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' },
{ 'fixed_version' : '7.0.1.15', 'equal' : '7.0.1.14', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.15 or higher.' }
];
vcf::nutanix::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation