The version of AOS installed on the remote host is prior to 7.5.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1.2 advisory.

  - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable     Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the     png_set_quantize() API function. When the function is called with no histogram and the number of colors in     the palette is more than twice the maximum supported by the user's display, certain palettes will cause     the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer.
    The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is     fixed in 1.6.55. (CVE-2026-25646)

  - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP     responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification     or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This     issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat:
    from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following     versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through     1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are     recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat     users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which     fix the issue. (CVE-2026-24734)

  - Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a     BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before     the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have     various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass     conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the     helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the     destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes,     but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is     added to the output length without validation, causing the length to become negative. The subsequent     trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.
    The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-     controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue,     PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to     provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one     zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity     according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this     issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4,     3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.
    (CVE-2025-69419)

  - In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to     operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated     data. There is no benefit in operating in-place in algif_aead since the source and destination come from     different mappings. Get rid of all the complexity added for in-place operation and just copy the AD     directly. (CVE-2026-31431)

  - Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow     vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The     vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim     copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes     (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been     patched in version 9.1.2132. (CVE-2026-25749)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1.2)

high Nessus Plugin ID 310779

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.6 May 11, 2026, 8:26 PM Detection (updated detection logic) Plugin Feed: 202605112026
Version 1.5 May 10, 2026, 2:27 AM Detection (updated detection logic) Plugin Feed: 202605100227
Version 1.4 May 9, 2026, 8:13 PM CISA reference Exploit attributes ("Exploit framework core" set to "True") Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202605092013
Version 1.3 May 9, 2026, 8:04 AM CVE (set "CVE" coverage to "CVE-2025-15281,CVE-2025-61662,CVE-2025-69419,CVE-2026-0915,CVE-2026-22695,CVE-2026-22801,CVE-2026-24734,CVE-2026-25646,CVE-2026-25749,CVE-2026-31431") CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:A") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Plugin metadata Plugin Feed: 202605090804
Version 1.2 May 7, 2026, 8:04 AM Detection (updated detection logic) Plugin Feed: 202605070804
Version 1.1 Apr 29, 2026, 12:50 PM New Plugin Feed: 202604291250