Linux Distros Unpatched Vulnerability : CVE-2016-7929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print- juniper.c:juniperparseheader. CVE-2016-7929 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2019-8674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

Fedora 41 : python3.9 (2025-be080d5ed4)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-be080d5ed4 advisory. Security fix for CVE-2025-0938 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Oracle Linux 8 : libxml2 (ELSA-2025-1517)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1517 advisory. - Fix CVE-2022-49043 RHEL-76289 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

CBL Mariner 2.0 Security Update: avahi (CVE-2024-52616)

The version of avahi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52616 advisory. - A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup,...

Fedora 40 : python3.11 (2025-f613fe78b6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f613fe78b6 advisory. Security fix for CVE-2025-0938 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Astra Linux – Vulnerability in Firefox, Thunderbird

It is currently unknown whether this issue is exploitable. However, there is a possibility that the structured cloning of certain objects could lead to memory corruption. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function bfdelfwritesectionehframe of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an...

AZL-56597 CVE-2025-1152 affecting package annobin 12.49-2

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

CVE-2025-1149

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rathe...

AZL-56627 CVE-2025-1149 affecting package binutils 2.37-20

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rathe...

Fedora 41 : java-latest-openjdk (2025-f27fcf5da3)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f27fcf5da3 advisory. January CPU 2025 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVE-2020-2728

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: OIM - LDAP user and role Synch. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

CVE-2020-2670

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Message Display. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Ema...

CVE-2024-20953

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...

CVE-2025-0840 GNU Binutils objdump.c disassemble_bytes stack-based overflow

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

CVE-2025-0733

A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

Photon OS 4.0: Postgresql13 PHSA-2024-4.0-0720

An update of the postgresql13 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0720. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...