689 matches found
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32887
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping...
CVE-2025-32881
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32881
The CVE-2025-32881 entry concerns goTenna v1 devices with app 5.5.3 and firmware 0.25.5, where the GID default is the user’s phone number unless opted out. The issue is that the GID is not encrypted in messages, creating a potential privacy risk since a phone number can be linked to individuals. ...
Fedora 41 : digikam (2025-5bbbb2df79)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5bbbb2df79 advisory. update internal Libraw to 2025/03/17 snapshot Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 41 : mingw-LibRaw (2025-e7dea91428)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e7dea91428 advisory. Update to LibRaw 0.21.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Oracle Linux 9 : glibc (ELSA-2025-4244)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4244 advisory. 2.34-125.0.1.8 - Forward-port Oracle patches for ol9-u5 glibc-2.34-125.0.1.8 Reviewed by: David Faust Oracle history: Tenable has extracted the preceding...
openSUSE 15 Security Update : rubygem-rexml (openSUSE-SU-2025:0129-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0129-1 advisory. rubygem-rexml was updated to 3.3.9: - fixes CVE-2024-49761, CVE-2024-43398, CVE-2024-41946, CVE-2024-41123, CVE-2024-39908, CVE-2024-35176 -...
FreeBSD : chromium -- multiple security fixes (bf5d29ea-1a93-11f0-8cb5-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bf5d29ea-1a93-11f0-8cb5-a8a1599412c6 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...
Fedora 41 : golang (2025-77ace1a41b)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-77ace1a41b advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog. Tenable has extracted the...
CVE-2025-32367
The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...
Moodle 3.11.x < 3.11.16 phpCAS Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16 or 4.0.x prior to 4.0.10. The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue. Note that the...
Moodle < 3.9.21 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Azure Linux 3.0 Security Update: libreswan (CVE-2023-30570)
The version of libreswan installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-30570 advisory. - pluto in Libreswan before 4.11 allows a denial of service responder SPI mishandling and daemon crash via...
CBL Mariner 2.0 Security Update: pytorch (CVE-2024-31580)
The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31580 advisory. - PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component...
CVE-2025-1542
Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in versions before 2.0.324.0...
CVE-2024-11171
In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage the default setting for multer, there is no limit on the upload file size. This can lead to a...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56715)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56715 advisory. - In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on...
CVE-2025-29930 imFAQ allows local file inclusion in seo.php
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...
Fedora 40 : thunderbird (2025-4b50cd66a5)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4b50cd66a5 advisory. Update to 128.8.0 https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/...