35 matches found

OpenVAS
added 2026/03/30 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2026-03583f302f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 AI score
Exploits: 0 | References: 2

OpenVAS
added 2025/11/17 12:0 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2025-0490389cb0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/17 12:0 a.m. | 2 views

Fedora 42 : suricata (2025-0490389cb0)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0490389cb0 advisory. upstream bugfix/security release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.6 AI score
Exploits: 0 | References: 1

NVD
added 2025/11/06 8:15 p.m. | 2 views

CVE-2025-12490

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata...

8.8 CVSS | 0.23576 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/06 8:10 p.m. | 2 views

CVE-2025-12490 Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata...

8.8 CVSS | 6.8 AI score | 0.23576 EPSS
Exploits: 0 | References: 2

CVE
added 2025/11/06 8:10 p.m. | 13 views

CVE-2025-12490

The CVE-2025-12490 entry describes a path traversal in Netgate pfSense CE Suricata that allows remote creation of arbitrary files with root privileges. The root cause is inadequate validation of a user-supplied path before file operations within the Suricata package, requiring authentication to e...

8.8 CVSS | 6.8 AI score | 0.23576 EPSS
Exploits: 0 | References: 2

Zero Day Initiative
added 2025/10/30 12:0 a.m. | 14 views

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata package. The issue results from the lack of proper validation of a user-supplie...

8.8 CVSS | 6.8 AI score | 0.23576 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-4615

Malware in sbrugna...

5.8 CVSS | 6.4 AI score | 0.00047 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-4613

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.00055 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/11 8:27 p.m. | 7 views

CVE-2025-34177

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1 CVSS | 6.1 AI score | 0.00035 EPSS
Exploits: 0 | References: 1

NVD
added 2025/09/09 9:15 p.m. | 6 views

CVE-2025-34177

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.4 CVSS | 0.00035 EPSS
Exploits: 0 | References: 3

CVE
added 2025/09/09 8:23 p.m. | 16 views

CVE-2025-34178

The CVE refers to pfSense CE with the Suricata package where the policy_name parameter is not sanitized of HTML-related strings before display, causing stored XSS. Connected sources specify this affects Netgate pfSense CE Suricata package (notably v7.0.8_2 in CVE-2025-34178 listings) and require ...

5.4 CVSS | 5.6 AI score | 0.00035 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/09/09 8:23 p.m. | 5 views

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1 CVSS | 0.00035 EPSS
Exploits: 0 | References: 3

CVE
added 2025/09/09 8:19 p.m. | 11 views

CVE-2025-34177

pfSense CE with Suricata package is affected by a stored XSS in suricata_flow_stream.php: the policy_name parameter is not sanitized, allowing reflected HTML/JS content to persist when displayed. Exploitation requires authentication with at least WebCfg - Services: suricata package permissions. T...

5.4 CVSS | 5.6 AI score | 0.00035 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/09/09 8:19 p.m. | 6 views

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

5.1 CVSS | 0.00035 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/09/09 8:14 p.m. | 6 views

CVE-2025-34176 Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure

In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...

5.3 CVSS | 0.00078 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/09 12:0 a.m. | 4 views

PT-2025-36943

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /suricata/suricata_ip_reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg -...

5.3 CVSS | 6 AI score | 0.00078 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/09 12:0 a.m. | 3 views

PT-2025-36944

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The policy_name parameter in /suricata/suricata_flow_stream.php is not properly sanitized to remove HTML-related strings and characters before being displayed. This can lead to stored...

5.1 CVSS | 5.3 AI score | 0.00035 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2025/08/21 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-a029ba03cc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.5 AI score | 0.00634 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2025/08/21 12:0 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2025-f555a9146a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.5 AI score | 0.00634 EPSS
Exploits: 0 | References: 2