439 matches found
Security Updates for Microsoft Office Products (August 2025)
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities. - A Remote Code Execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-53731, CVE-2025-53740 Note th...
Security Updates for Microsoft SharePoint Server Subscription Edition (August 2025)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by a privilege escalation vulnerability.
KB5063927: Windows Server 2008 R2 Security Update (August 2025)
The remote Windows host is missing security update 5063927. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. CVE-2025-53766 - Concurrent execution using shared resource with improper...
Security Updates for Microsoft SQL Server (August 2025)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. CVE-2025-53727 Note that Nessus has not tested for this issue but has instead relied only on the application...
KB5063950: Windows Server 2012 R2 Security Update (August 2025)
The remote Windows host is missing security update 5063950. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. CVE-2025-53766 - Concurrent execution using shared resource with improper...
Security Updates for Microsoft Excel Products (August 2025)
The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-53735, CVE-2025-53737,...
Security Updates for Microsoft SharePoint Server Subscription Edition (July 2025)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by multiple security vulnerabilities: - Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows a...
Red Hat Ansible Security Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and program computer systems. A security vulnerability exists in Red Hat Ansible that stems from a missing security flag and could lead to man-in-the-middle...
CVE-2025-49193 Missing HTTP Security Headers
The application fails to implement several security headers. These headers help increase the overall security level of the web application by, e.g., preventing the application from being displayed in an iframe (clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)...
SICK Field Analytics and SICK Media Server Security Vulnerability
SICK Field Analytics and SICK Media Server are both products of the German company SICK. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a missing...
CVE-2023-1261
Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network...
CVE-2021-24711
The delreistereddomains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
CVE-2017-8776
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the...
Fedora 41 : dnsdist (2025-1d6a5aa3d8)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1d6a5aa3d8 advisory. Update to 1.9.9 to fix CVE-2025-30194 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Debian: Security Advisory (DLA-4161-1)
The remote host is missing an update for the Debian...
KB5055527: Windows Server version 23H2 Security Update (April 2025)
The remote Windows host is missing security update 5055527. It is, therefore, affected by multiple vulnerabilities - Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. CVE-2025-26687 - A remote code execution vulnerability. An attacker ca...
HCL SX Security Vulnerability
HCL SX is an application from HCL India. A security vulnerability exists in HCL SX that stems from not setting security attributes on authorization tokens or session cookies, which could lead to cross-site request forgery attacks...
Kubernetes Security Vulnerability
Kubernetes (K8s) is an open source system for automating the deployment, scaling, and management of containerized applications, from the Kubernetes open source project. A security vulnerability exists in Kubernetes that stems from the use of the deprecated in-tree gitRepo volume feature, which could lead to...
Linux Distros Unpatched Vulnerability : CVE-2024-50281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing ...
IBM Concert Encryption Issue Vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...