37 matches found
MiracleLinux 8 : nodejs:22 (AXSA:2025-9926:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9926:01 advisory. c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498). SQLite: integer overflow in SQLite (CVE-2025-3277). Tenable has extracted the precedi...
Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2025-3277)
An integer overflow can be triggered in SQLite's 'concatws' function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...
Linux Distros Unpatched Vulnerability : CVE-2025-3277
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow can be triggered in SQLite's concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes...
RockyLinux 10 : sqlite (RLSA-2025:7517)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7517 advisory. SQLite: integer overflow in SQLite (CVE-2025-3277). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
RLSA-2025:7517 Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-23166. DESCRIPTION: The C++ method...
RockyLinux 8 : nodejs:22 (RLSA-2025:4459)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4459 advisory. c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498). SQLite: integer overflow in SQLite (CVE-2025-3277). Tenable has extracted the preceding...
Oracle Linux 10 : sqlite (ELSA-2025-11933)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11933 advisory. - Fix CVE-2025-6965 - Fix for CVE-2025-3277 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
RLSA-2025:7433 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498); SQLite: integer overflow in SQLite (CVE-2025-3277). For more details about the...
RLSA-2025:4459 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498); SQLite: integer overflow in SQLite (CVE-2025-3277). For more details about the...
Security Bulletin: AIX/VIOS is vulnerable to arbitrary code execution (CVE-2025-3277, CVE-2025-29087) and denial of service (CVE-2025-29088) due to RPM
Summary: Vulnerabilities in RPM could allow an attacker to execute arbitrary code (CVE-2025-3277, CVE-2025-29087) or cause a denial of service (CVE-2025-29088). RPM is used by AIX for package management. Vulnerability Details: CVEID: CVE-2025-3277. DESCRIPTION: An integer overflow can be triggered in...
AIX is vulnerable to arbitrary code execution (CVE-2025-3277 CVE-2025-29087) and denial of service (CVE-2025-29088) due to RPM
IBM SECURITY ADVISORY. First Issued: Thu Jul 17 09:32:10 CDT 2025. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpmadvisory3.asc Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2025-3277, CVE-2025-29087) and denial ...
SUSE: Security Advisory (SUSE-SU-2025:01456-2)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:01455-1)
The remote host is missing an update for the...
Oracle Linux 10 : sqlite (ELSA-2025-7517)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7517 advisory. - Fix for CVE-2025-3277 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...
RHEL 10 : sqlite (RHSA-2025:7517)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7517 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...
SUSE: Security Advisory (SUSE-SU-2025:1456-1)
The remote host is missing an update for the...
RHEL 9 : nodejs:22 (RHSA-2025:7433)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7433 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
USN-7528-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled the concatws function. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-29087, CVE-2025-3277) It w...
Important: Red Hat Security Advisory: sqlite security update
An update for sqlite is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...