Windows 11 24H2 | Server 2025 - Recovery Media Issue

Issue Resolved in May 13 2025 Windows Update KB5058411 The underlying issue causing recovery media to have the problems documented in this article was resolved in Microsoft Update KB5058411 for Windows 11 and Server 2025. After applying the update, the recovery media must be recreated. Challenge...

Debian: Security Advisory (DSA-5884-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-34c88263fe)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : chromium (2025-bee62eff98)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-bee62eff98 advisory. Update to 134.0.6998.117 Critical CVE-2025-2476: Use after free in Lens Tenable has extracted the preceding description block directly from the Fedo...

Fedora: Security Advisory (FEDORA-2025-2fe21e3da5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tenable Nessus Agent Privilege Escalation Vulnerability (TNS-2025-02, TNS-2025-03)

Tenable Nessus Agent is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Liferay Portal CE 7.4.3.82 < 7.4.3.129 XSS

The detected install of Liferay Portal CE is affected by a cross-site scripting XSS vulnerability in the Frontend JS module's layout-taglib/liferay/index.js that allows remote attackers to inject arbitrary web script or HTML via toastData parameter Note that Nessus has not tested for this issue b...

Debian: Security Advisory (DLA-4088-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-4086-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome Security Update (stable-channel-update-for-desktop_19-2025-03) - Windows

Google Chrome is prone to an use-after-free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Drupal XSS Vulnerability (SA-CORE-2025-004) - Windows

Drupal is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

A discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still manipulate the car...

Tiki Wiki CMS Groupware <= 29.0 Multiple XSS Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

RockyLinux 9 : oci-seccomp-bpf-hook (RLSA-2024:9277)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9277 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 Tenable has extracted the preceding description block directly from the RockyLinux...

Debian: Security Advisory (DSA-5880-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-5881-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tiki Wiki CMS Groupware < 28.0 Multiple Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mageia: Security Advisory (MGASA-2025-0100)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-29912

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the...

RLSA-2024:9136 Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...