689 matches found
SUSE SLES15 Security Update : python-cryptography (SUSE-SU-2025:01818-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:01818-1 advisory. - CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function...
Fedora 42 : php-adodb (2025-118f6569ff)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-118f6569ff advisory. 5.22.9 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...
Devolutions Remote Desktop Manager < 2025.1.37.0 Data Exposure (DEVO-2025-0009)
The version of Devolutions Remote Desktop Manager installed on the remote host is prior to 2025.1.37.0 or prior and is, therefore, affected by a private information exposure vulnerability. This could allow an authenticated user to gain unauthorized access to private personal information. Under...
Grafana < 11.1.11 Exposure Of Sensitive Information To An Unauthorized Actor
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.15, or earlier than 11.0.11, or earlier than 11.1.11, or earlier than 11.2.6, or earlier than 11.3.3, or earlier than 11.4.1. It is, therefore, affected by a exposure of sensitive informatio...
Fedora 41 : thunderbird (2025-5bf1989d48)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5bf1989d48 advisory. Update to 128.11.0 https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/...
Amazon Linux 2 : yelp-xsl (ALAS-2025-2861)
The version of yelp-xsl installed on the remote host is prior to 3.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2861 advisory. A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerabili...
Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2025-8201)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8201 advisory. 1.16.1-5.0.1 - Update origin URL Orabug: 36209826 1.16.1-5 - fix for CVE-2025-3887 Resolves: RHEL-93051 Tenable has extracted the preceding description block...
CVE-2019-25056
In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren't can identify the application version and defeat the User-Agent protection mechanism...
CVE-2019-20818
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level...
CVE-2019-14212
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object...
Mozilla Thunderbird < 138.0.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 138.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-41 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing arr...
Oracle Linux 9 : .NET / 9.0 (ELSA-2025-7600)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7600 advisory. 9.0.106-1.0.1 - Add support for Oracle Linux 9.0.106-1 - Update to .NET SDK 9.0.106 and Runtime 9.0.5 - Resolves: RHEL-89453 Tenable has extracted the preceding...
GitLab 10.2 < 17.10.7 / 17.11 < 17.11.3 / 18.0 < 18.0.1 (CVE-2025-3111)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration cou...
Oracle Linux 9 : aardvark-dns (ELSA-2025-7094)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7094 advisory. 2:1.14.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.14.0 - Related: RHEL-60277 2:1.13.1-1 - update to...
Atlassian Confluence 7.19.x < 8.5.20 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 DoS (CONFSERVER-99540)
The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-99540 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and pri...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-138-01)
The version of mozilla-firefox installed on the remote host is prior to 128.10.1esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-138-01 advisory. New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...
FreeBSD : chromium -- multiple security fixes (79400d31-3166-11f0-8cb5-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 79400d31-3166-11f0-8cb5-a8a1599412c6 advisory. Chrome Releases reports: This update includes 4 security fixes: Tenable has extracted the...
Slackware Linux 15.0 / current screen Multiple Vulnerabilities (SSA:2025-133-01)
The version of screen installed on the remote host is prior to 4.9.1 / 5.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-133-01 advisory. New screen packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
CentOS 9 : kernel-5.14.0-583.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-583.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @blockclass's subsystem refcount leakage...
CVE-2025-32888
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...