Security Updates for Microsoft Visual Studio Products (August 2025)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-53773 Note that Nessu...
CBL Mariner 2.0 Security Update: libsoup (CVE-2025-4948)
The version of libsoup installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4948 advisory. - A flaw was found in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly...
Oracle Linux 7 : libxml2 (ELSA-2025-12240)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-12240 advisory. - Fix CVE-2025-6021, CVE-2025-32414, CVE-2025-49794, CVE-2025-49796 Tenable has extracted the preceding description block directly from the Oracle Lin...
Fortinet FortiSIEM OS Command Injection (FG-IR-25-152)
The version of Fortinet FortiSIEM running on the remote server is 5.4.x, 6.1.x, 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x. It is, therefore, affected by an OS command injection vulnerability that can allow a remote unauthenticated attacker to execute unauthorized...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : eclipse-jgit (SUSE-SU-2025:02762-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02762-1 advisory. - CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class (bsc#1243647). Tenable ha...
PT-2025-32845 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: A use-after-free issue exists in Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. The vulnerability may allow remote attackers to execute...
Fedora 42 : mingw-python3 (2025-2e992ddfa0)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2e992ddfa0 advisory. Backport fix for CVE-2025-8194. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
SUSE SLES12 Security Update : tomcat (SUSE-SU-2025:02745-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02745-1 advisory. - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) - CVE-2025-53506: Fix...
Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...
Jenkins ssh-slave Docker Image SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-slave docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-slave Docker images, SSH host keys are generated on image creation for images based on Debian, causing all...
Security Updates for Microsoft PowerPoint Products (August 2025)
The Microsoft PowerPoint Products are missing a security update. They are, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instea...
Linux Distros Unpatched Vulnerability : CVE-2024-46709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes...
Linux Distros Unpatched Vulnerability : CVE-2023-32207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox...
Active! Mail < 6.60.05008562 Remote Code Execution
According to its banner, the version of Active! Mail running on the remote host is 6.60.05008562. It is, therefore, affected by a Remote Code Execution through a stack-based buffer overflow vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the...
ClearML < 1.16.0 Unauthenticated File Access
According to its banner, the version of ClearML running on the remote host is 1.16.0. It is, therefore, affected by an Unauthenticated File Access due to the lack of authentication of the fileserver component. Note that the scanner has not tested for these issues but has instead relied only on th...
Linux Distros Unpatched Vulnerability : CVE-2025-21919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to...
Linux Distros Unpatched Vulnerability : CVE-2019-9789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presu...
Linux Distros Unpatched Vulnerability : CVE-2023-52684
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error...
CVE-2025-34149
creation_timestamp | type | source
---|---|---
2025-08-08 07:31:38+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lvuqcaq3sk2u
2025-08-11 15:39:40+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115010881354876002...
CVE-2025-8707
creation_timestamp | type | source
---|---|---
2025-08-08 05:15:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvuip2dfqu2p...