5784 matches found

Tenable Nessus
added 2025/12/23 12:0 a.m., 3 views

AlmaLinux 9 : python3.9 (ALSA-2025:23342)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23342 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642); cpython: Python HTMLParser quadratic complexity...

6.5 CVSS | 6.4 AI score | 0.00864 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2025/12/22 12:0 a.m., 10 views

AlmaLinux 8 : python39:3.9 (ALSA-2025:23530)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642); python: Virtual environment venv activation scripts don't...

9.4 CVSS | 6.8 AI score | 0.01639 EPSS
Exploits: 15 | References: 14

Rockylinux
added 2025/12/19 9:5 a.m., 5 views

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language...

6.5 CVSS | 6.7 AI score | 0.00864 EPSS
Exploits: 1

OSV
added 2025/12/19 9:5 a.m., 3 views

RLSA-2025:23342 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

4.3 CVSS | 6.6 AI score | 0.00864 EPSS
Exploits: 1 | References: 5

NVD
added 2025/12/18 7:16 p.m., 2 views

CVE-2025-65567

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The...

7.5 CVSS | 0.00079 EPSS
Exploits: 1 | References: 1

OSV
added 2025/12/18 7:16 p.m., 2 views

CVE-2025-65567

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2025/12/18 1:21 p.m., 6 views

python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...

6.5 CVSS | 7.5 AI score | 0.00187 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2025/12/18 1:35 a.m., 4 views

python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...

6.5 CVSS | 7.5 AI score | 0.00187 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2025/12/18 12:0 a.m., 2 views

Mozilla Firefox < 20.0

The version of Firefox installed on the remote Windows host is prior to 20.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-40 advisory. - CERTDecodeCertPackage reads bytes outside the input buffer (CVE-2013-0791). Note that Nessus has not tested for this...

5 CVSS | 8.2 AI score | 0.02678 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:0 a.m., 3 views

PT-2025-52290

Name of the Vulnerable Software and Affected Versions: omec-project UPF versions up to 2.1.3-dev. Description: A flaw exists in the omec-project UPF pfcpiface component that can lead to a denial-of-service condition. Specifically, a crafted PFCP Session Establishment Request, containing a malformed...

7.5 CVSS | 6.3 AI score | 0.00079 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2025/12/18 12:0 a.m., 1 views

Mozilla Thunderbird ESR < 17.0.5

The version of Thunderbird ESR installed on the remote Windows host is prior to 17.0.5. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-40 advisory. - CERTDecodeCertPackage reads bytes outside the input buffer (CVE-2013-0791). Note that Nessus has not tested...

5 CVSS | 8.2 AI score | 0.02678 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/18 12:0 a.m., 5 views

RHEL 9 : python3.9 (RHSA-2025:23342)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23342 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6.5 CVSS | 6.6 AI score | 0.00864 EPSS
Exploits: 1 | References: 12

Tenable Nessus
added 2025/12/18 12:0 a.m., 0 views

Mozilla Thunderbird < 17.0.5

The version of Thunderbird installed on the remote Windows host is prior to 17.0.5. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-40 advisory. - CERTDecodeCertPackage reads bytes outside the input buffer (CVE-2013-0791). Note that Nessus has not tested for...

5 CVSS | 8.2 AI score | 0.02678 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/18 12:0 a.m., 4 views

SUSE SLES15 Security Update : libpng16 (SUSE-SU-2025:4436-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4436-1 advisory. - CVE-2025-65018: Fixed heap buffer overflow in png_combine_row triggered via png_image_finish_read (bsc#1254160) - CVE-2025-66293: Fixed...

7.1 CVSS | 6 AI score | 0.00137 EPSS
Exploits: 6 | References: 16

RedhatCVE
added 2025/12/17 8:7 a.m., 3 views

CVE-2025-14549

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the...

6.9 CVSS | 6.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 1

OSV
added 2025/12/17 12:0 a.m., 7 views

ALSA-2025:23530 Important: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.4 CVSS | 7 AI score | 0.01639 EPSS
Exploits: 15 | References: 26

OSV
added 2025/12/16 8:25 a.m., 2 views

SUSE-SU-2025:21220-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480). - CVE-2025-64505: Fixed heap buffer over-read in png_do_quantize via malformed palette index (bsc#1254157). - CVE-2025-64506: Fixed heap buffer over-read in...

7.1 CVSS | 6.6 AI score | 0.00137 EPSS
Exploits: 6 | References: 11

Redos
added 2025/12/16 12:0 a.m., 0 views

ROS-20251216-7303

Vulnerability in GraphicsMagick related to reading outside buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

9.1 CVSS | 6.9 AI score | 0.00148 EPSS
Exploits: 1

NVD
added 2025/12/15 6:15 a.m., 2 views

CVE-2025-14549

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the...

8.1 CVSS | 0.00061 EPSS
Exploits: 0 | References: 1

OSV
added 2025/12/15 6:15 a.m., 3 views

CVE-2025-14549

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the...

8.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1