1287 matches found
CVE-2025-6772 eosphoros-ai db-gpt import import_flow path traversal
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploi...
Photon OS 4.0: Python3 PHSA-2025-4.0-0815
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0815. The text itself is copyright (C) VMware, Inc.
Oracle Linux 8 : libxml2 (ELSA-2025-8958)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8958 advisory. 2.9.7-20 - Fix CVE-2025-32414 RHEL-88198 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
Photon OS 4.0: Rubygem PHSA-2025-4.0-0807
An update of the rubygem package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0807. The text itself is copyright (C) VMware, Inc.
Photon OS 4.0: Samba PHSA-2025-4.0-0805
An update of the samba package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0805. The text itself is copyright (C) VMware, Inc.
Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.22 (JSDSERVER-16154)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16154 advisory. - An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a...
RockyLinux 9 : tcpdump (RLSA-2024:2211)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2211 advisory. tcpslice: use-after-free in extractslice CVE-2021-41043 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note...
RockyLinux 8 : postgresql:16 (RLSA-2025:1740)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1740 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
RockyLinux 9 : sqlite (RLSA-2024:0465)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0465 advisory. sqlite: heap-buffer-overflow at sessionfuzz CVE-2023-7104 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. No...
macOS 15.x < 15.4.1 Multiple Vulnerabilities (122400)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.4.1. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS...
Oracle Linux 9 : python3.12 (ELSA-2025-3631)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3631 advisory. 3.12.5-2.3 - Security fix for CVE-2024-7592 Resolves: RHEL-85300 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Google Chrome < 134.0.6998.177 Vulnerability
The version of Google Chrome installed on the remote Windows host is prior to 134.0.6998.177. It is, therefore, affected by a vulnerability as referenced in the 202503stable-channel-update-for-desktop25 advisory. - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on...
Photon OS 5.0: Kubernetes PHSA-2025-5.0-0487
An update of the kubernetes package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0487. The text itself is copyright (C) VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2017-11696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the hashopen function in lib/dbm/src/hash.c in Mozilla Network Security Services NSS allows context-dependent attackers to have...
Linux Distros Unpatched Vulnerability : CVE-2017-11698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the getpage function in lib/dbm/src/hpage.c in Mozilla Network Security Services NSS allows context-dependent attackers to have...
Linux Distros Unpatched Vulnerability : CVE-2024-9957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to...
Linux Distros Unpatched Vulnerability : CVE-2024-8362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2024-7020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2024-7018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
Linux Distros Unpatched Vulnerability : CVE-2024-9120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...