Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory.

  - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are     vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. (CVE-2022-25927)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102186 advisory.

  - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are     vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. (CVE-2022-25927)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Security Center running on the remote host is version 6.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-12 advisory.

  - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written     beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a     large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer,     and thus malloc may not allocate enough memory. (CVE-2025-29087)

  - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are     vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. (CVE-2022-25927)

  - An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer     is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the     original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can     result in arbitrary code execution. (CVE-2025-3277)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.6.0 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-09 advisory.

  - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written     beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a     large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer,     and thus malloc may not allocate enough memory. (CVE-2025-29087)

  - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are     vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. (CVE-2022-25927)

  - An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer     is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the     original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can     result in arbitrary code execution. (CVE-2025-3277)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are     vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. (CVE-2022-25927)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
305913	Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)	Nessus	Misc.	high
299661	Atlassian Confluence 9.0.0 < 9.2.14 / 9.2.15 / 9.3.1 < 10.2.3 / 10.2.6 (CONFSERVER-102186)	Nessus	CGI abuses	high
241099	Tenable Security Center Multiple Vulnerabilities (TNS-2025-12)	Nessus	Misc.	medium
237580	Tenable Security Center Multiple Vulnerabilities (TNS-2025-09)	Nessus	Misc.	medium
224597	Linux Distros Unpatched Vulnerability : CVE-2022-25927	Nessus	Misc.	high

Detections

Analytics

CVE-2022-25927

high

Tenable Plugins

high

high

medium

medium

high