CVE-2025-13507
The CVE-2025-13507 entry describes an issue in MongoDB Server: inconsistent object size validation in the time series processing path can cause oversized BSON documents to be processed later, triggering an assertion and process termination. Affected versions are MongoDB Server v7.0 before 7.0.26,...
Time-series operations may cause internal BSON size limit to be exceeded
Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...
PT-2025-47989
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 7.0.26; MongoDB Server versions prior to 8.0.16; MongoDB Server versions prior to 8.2.1. Description: An issue exists in the time series processing logic where inconsistent object size validation can lead to the...
CLSA-2025-1764028726 iperf3: Fix of 2 CVEs
- CVE-2025-54349: fix off-by-one error and heap-based buffer overflow in iperf_auth.c
- CVE-2025-54350: prevent crash due to assertion failures on malformed authentication attempt in iperf_auth.c...
RockyLinux 10 : kea (RLSA-2025:21038)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21038 advisory. kea: Invalid characters cause assert (CVE-2025-11232). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note...
TencentOS Server 4: cairo (TSSA-2025:0708)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0708 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: redis:6 (TSSA-2025:0105)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0105 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
USN-7872-1 lasso vulnerabilities
It was discovered that Lasso incorrectly handled certain malformed SAML responses. A remote attacker could possibly use this issue to cause Lasso to crash, resulting in a denial of service. (CVE-2025-46404) It was discovered that Lasso incorrectly handled certain malformed SAML assertion responses....
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56705)
media: atomisp: In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode(). This plugin only works with Tenable.ot. Please visit...
lasso: Type confusion in Entr'ouvert Lasso
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
OESA-2025-2684 python-ldap security update
python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...
TencentOS Server 4: lasso (TSSA-2025:0862)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0862 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Out-of-bounds Write (CVE-2020-21047)
"The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617)...
Siemens SIMATIC S7-1500 Incorrect Calculation of Buffer Size (CVE-2025-0395)
When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. This plugin only works with Tenable.ot...
Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2020-25710)
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability. This plugin only works with Tenable.ot. Plea...
Siemens SIMATIC S7-1500 Integer Underflow (Wrap or Wraparound) (CVE-2020-36221)
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). This plugin only works with Tenable.ot. Please visit...