MiracleLinux 9 : php:8.2 (AXSA:2026-118:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-118:01 advisory. php: pgsql extension does not check for errors during escaping (CVE-2025-1735); php: NULL Pointer Dereference in PHP SOAP Extension via Large XML...
MiracleLinux 8 : kernel-4.18.0-372.9.1.el8 (AXSA:2022-3558:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3558:10 advisory. kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083); kernel: avoid cyclic entity chains due to malformed USB...
MiracleLinux 9 : skopeo-1.16.1-2.el9_5 (AXSA:2024-9497:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9497:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)...
GLSA-202511-02 : WebKitGTK+: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202511-02 (WebKitGTK+: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
F5 Networks BIG-IP : BIG-IP AFM DoS protection profile vulnerability (K000152341)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000152341 advisory. When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed...
Mozilla Firefox < 143.0.3
The version of Firefox installed on the remote Windows host is prior to 143.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-80 advisory. - Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox...
GLSA-202509-04 : glibc: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202509-04 (glibc: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from...
Fedora 42 : libarchive (2025-47e73aaaea)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-47e73aaaea advisory. Rebase due to a lot of CVE fixes. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Oracle Linux 10 : libarchive (ELSA-2025-14137)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-14137 advisory. 3.7.7-4 - Resolves: CVE-2025-5914. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
Linux Distros Unpatched Vulnerability : CVE-2025-38496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dm-bufio: fix sched in atomic context. If try_verify_in_tasklet is set for dm-verity,...
SUSE SLES15 Security Update : podman (SUSE-SU-2025:02806-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02806-1 advisory. - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320). Tenable has extracted the preceding description...
Curl < 8.12.0 Double Close (CVE-2025-0665)
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
GitLab 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-5257)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may hav...
GitLab 15.11 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2454)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoi...
GLSA-202401-34 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-34 (Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details. Tenable has...
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-6532-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6532-1 advisory. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker...
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (October 2023 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...
Node.js 16.x < 16.20.2 / 18.x < 18.17.1 / 20.x < 20.5.1 Multiple Vulnerabilities (Wednesday August 09 2023 Security Releases).
The version of Node.js installed on the remote host is prior to 16.20.2, 18.17.1, 20.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday August 09 2023 Security Releases advisory: - Permissions policies can be bypassed via Module._load (CVE-2023-32002) -...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1790)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...
SuSE 11.2 Security Update : kvm (SAT Patch Number 6755)
The kvm qemu vt100 emulation was affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. CVE-2012-3515 aka XSA-17. Also the following non security bugs have been fixed : - permit qemu-kvm -device '?' even when no /dev/kvm. (bnc#772586) - SLES11SP2...