PT-2026-35539
Name of the Vulnerable Software and Affected Versions: Spring Boot versions 4.0.0 through 4.0.5; Spring Boot versions 3.5.0 through 3.5.13. Description: When configured to use an SSL bundle, the RabbitMQ auto-configuration fails to perform hostname verification during the connection process to the...
Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).
The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A vulnerability has been identified in Node.js, specifically...
Tableau Server 2023.3.x < 2023.3.19 / 2024.2.x < 2024.2.12 / 2025.1.x < 2025.1.3 Multiple Vulnerabilities (005105043)
The version of Tableau Server installed on the remote host is prior to 2023.3.19, 2024.2.12 and 2025.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 005105043 and 005132575 advisories, including: - Improper Limitation of a Pathname to a Restricted Directory 'Path...
MongoDB 6.0.x < 6.0.21 / 7.0.x < 7.0.17 / 8.0.x < 8.0.4 Unexpected Behavior (SERVER-106746)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.21, 7.0 prior to 7.0.17 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-106746 advisory. - An authenticated user may trigger a use after free that may result in MongoDB Server...
Atlassian Confluence 9.2.4 < 9.2.6 / 9.4.x < 9.5.2 (CONFSERVER-100164)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-100164 advisory. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discover...
MongoDB 6.0.x < 6.0.23 / 7.0.x < 7.0.20 / 8.0.x < 8.0.9 Incorrect Handling of Incomplete Data (SERVER-106753)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.23, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.9. It is, therefore, affected by a vulnerability as referenced in the SERVER-106753 advisory. - MongoDB Server's mongos component can become unresponsive to new connections due to...
Mozilla Firefox < 141.0
The version of Firefox installed on the remote Windows host is prior to 141.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-56 advisory. - Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption...
Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0702)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0702 advisory. - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege...
PHP 8.4.x < 8.4.10 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.4.10 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
PHP 8.2.x < 8.2.29 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.29 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Google Chrome < 138.0.7204.92 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 138.0.7204.92. It is, therefore, affected by a vulnerability as referenced in the 202506stable-channel-update-for-desktop30 advisory. - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacke...
Amazon Linux 2 : postgresql (ALAS-2025-2902)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2902 advisory. Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of...
Streamline NX Client 3.5.0 - 3.7.0 MiTM (2025-000006)
The version of Streamline NX Client installed on the remote host is between 3.5.0 and 3.7.0. It is, therefore, affected by a vulnerability as referenced in the 2025-000006 advisory. It contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-midd...
FreeBSD : chromium -- multiple security fixes (4323e86c-2422-4fd7-8c8f-ec71c81ea7dd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4323e86c-2422-4fd7-8c8f-ec71c81ea7dd advisory. Chrome Releases reports: This update includes 3 security fixes: Tenable has extracted the...
TencentOS Server 4: qt5-qtbase (TSSA-2024:0282)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0282 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
FreeBSD : electron{34,35} -- multiple vulnerabilities (47ef0ac6-38fc-4b35-850b-c794f04619fe)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 47ef0ac6-38fc-4b35-850b-c794f04619fe advisory. Electron developers report: This update fixes the following vulnerability: Tenable has extract...
F5 Networks BIG-IP : BIG-IP HTTP vulnerability (K000139571)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000139571 advisory. When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c...
Amazon Linux 2 : docker (ALASECS-2025-061)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-061 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection...
Debian: Security Advisory (DSA-5897-1)
The remote host is missing an update for the Debian...
Adobe Bridge 14.x < 14.1.6 / 15.x < 15.0.3 Vulnerability (APSB25-25)
The version of Adobe Bridge installed on the remote Windows host is prior to 14.1.6 or 15.0.3. It is, therefore, affected by a vulnerability as referenced in the apsb25-25 advisory. - Heap-based Buffer Overflow (CWE-122) potentially leading to Arbitrary code execution (CVE-2025-27193) Note that Nessu...