Tenable Identity Exposure < 3.77.13(LTS) / 3.93.2 Vulnerable Nodejs (TNS-2025-16)
The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.13LTS or 3.93.2. It therefore contains a version of Nodejs that could be vulnerable. Tenable has upgraded these components to address the potential impact of the issues. Note that Nessus has...
GLSA-202508-02 : GPL Ghostscript: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202508-02 GPL Ghostscript: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...
CBL Mariner 2.0 Security Update: jq (CVE-2025-48060)
The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48060 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present i...
Oracle Linux 10 : unbound (ELSA-2025-12064)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12064 advisory. 1.20.0-12 - Fix CVE-2025-5994 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Fedora 42 : cef (2025-828bc3d3f5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-828bc3d3f5 advisory. Update to cef-138.0.25+g251e1c1/chromium138.0.7204.157 rhbz2380429 ---- Update to cef-138.0.21+g54811fe rhbz2379500 Tenable has extracted the preceding...
Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.19.0.0.0 (July 2025 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: GoldenGate...
AlmaLinux 9 : tomcat (ALSA-2025:11335)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11335 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...
Fedora 42 : thunderbird (2025-a52491bdd9)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a52491bdd9 advisory. Update to 128.11.0 https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/...
FreeBSD : sudo -- privilege escalation vulnerability through host and chroot options (24f4b495-56a1-11f0-9621-93abbef07693)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 24f4b495-56a1-11f0-9621-93abbef07693 advisory. Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit CRU: Sudo...
Fedora 42 : python-pycares (2025-31830e02b0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-31830e02b0 advisory. 4.9.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but ha...
Brocade Fabric OS 9.1.x < 9.1.1d7 RCE (BSA-2025-2930)
The version of Brocade FabricOS installed on the remote host is 9.1.x prior to 9.1.1d7. It is, therefore, affected by a remote code execution vulnerability as referenced in the BSA-2025-2930 advisory: - Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user...
Fedora 41 : firefox (2025-1605ec3e86)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1605ec3e86 advisory. - Updated to latest upstream 140.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
NewStart CGSL MAIN 7.02 : ghostscript Multiple Vulnerabilities (NS-SA-2025-0085)
The remote NewStart CGSL host, running version MAIN 7.02, has ghostscript packages installed that are affected by multiple vulnerabilities: - An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code...
Fedora 42 : augeas (2025-6b5c54bd05)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-6b5c54bd05 advisory. CVE-2025-2588 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issu...
IBM DB2 DoS (7235069) (Unix)
According to its self-reported version number, IBM Db2 is affected by a remote code execution vulnerability as a database administrator of one database may execute code or read/write files from another database within the same instance. Note that Nessus has not tested for this issue but has instea...
Fedora 42 : upx (2025-f050ec7d1b)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f050ec7d1b advisory. 5.0.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...
Fedora 42 : libvpx (2025-f5bf0fb721)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f5bf0fb721 advisory. Add patch for double free Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
ConnectWise ScreenConnect < 25.2.4 RCE
According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore, affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : GLib vulnerability (USN-7532-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7532-1 advisory. It was discovered that Glib incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash...
Atlassian Jira Service Management Data Center and Server 5.11.3 < 5.12.20 / < 5.12.22 / 5.13.x < 10.3.5 / 10.4.x < 10.6.0 (JSDSERVER-16207)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16207 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...