NewStart CGSL MAIN 7.02 : containerd Vulnerability (NS-SA-2025-0134)

The remote NewStart CGSL host, running version MAIN 7.02, has containerd packages installed that are affected by a vulnerability: - containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set a...

CBL Mariner 2.0 Security Update: libsoup (CVE-2025-32909)

The version of libsoup installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32909 advisory. - A flaw was found in libsoup. SoupContentSniffer May be vulnerable to a NULL pointer dereference in the...

Fedora 42 : thunderbird (2025-a52491bdd9)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a52491bdd9 advisory. Update to 128.11.0 https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/...

Fedora 42 : python-pycares (2025-31830e02b0)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-31830e02b0 advisory. 4.9.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but ha...

TencentOS Server 3: libxml2 (TSSA-2025:0238)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0238 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Fedora 42 : mod_security (2025-7faa0bc6e5)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-7faa0bc6e5 advisory. This update includes modsecurity version 2.9.9 which addresses CVE-2025-47947 and includes various bug fixes. See...

Fedora 41 : thunderbird (2025-5bf1989d48)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5bf1989d48 advisory. Update to 128.11.0 https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/...

Amazon Linux 2 : yelp-xsl (ALAS-2025-2861)

The version of yelp-xsl installed on the remote host is prior to 3.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2861 advisory. A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerabili...

Atlassian Confluence 7.19.x < 8.5.20 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 DoS (CONFSERVER-99540)

The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-99540 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and pri...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-138-01)

The version of mozilla-firefox installed on the remote host is prior to 128.10.1esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-138-01 advisory. New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

CentOS 9 : kernel-5.14.0-583.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-583.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @blockclass's subsystem refcount leakage...

Fedora 41 : digikam (2025-5bbbb2df79)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5bbbb2df79 advisory. update internal Libraw to 2025/03/17 snapshot Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Moodle 3.11.x < 3.11.16 phpCAS Library Upgrade

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16 or 4.0.x prior to 4.0.10. The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue. Note that the...

Fedora 40 : thunderbird (2025-4b50cd66a5)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4b50cd66a5 advisory. Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/...

Oracle Linux 8 : .NET / 9.0 (ELSA-2025-2667)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-2667 advisory. 9.0.104-1.0.1 - Add support for Oracle Linux 9.0.104-1 - Update to .NET SDK 9.0.104 and Runtime 9.0.3 - Resolves: RHEL-81645 Tenable has extracted the preceding...

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-850)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-850 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch...

Oracle Linux 8 : mysql:8.0 (ELSA-2025-1673)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1673 advisory. mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo -...

FreeBSD : chromium -- multiple security fixes (b09d0b3b-ef6d-11ef-85f3-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b09d0b3b-ef6d-11ef-85f3-a8a1599412c6 advisory. Chrome Releases reports: This update includes 12 security fixes: Tenable has extracted the...

FreeBSD : chromium -- multiple security fixes (f572b9d1-ef6d-11ef-85f3-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f572b9d1-ef6d-11ef-85f3-a8a1599412c6 advisory. Chrome Releases reports: This update includes 4 security fixes: Tenable has extracted the...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...