According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-14 advisory.

  - An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer     is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the     original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can     result in arbitrary code execution. (CVE-2025-3277)

  - When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl     should check the public key of the server certificate to verify the peer. This check was skipped in a     certain condition that would then make curl allow the connection without performing the proper check, thus     not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2     built to use GnuTLS and the user had to explicitly disable the standard certificate verification.
    (CVE-2025-13034)

  - When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread     would inadvertently change them globally and therefore possibly also affect other concurrently setup     transfers. Disabling certificate verification for a specific transfer could unintentionally disable the     feature for other threads as well. (CVE-2025-14017)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Nessus Network Monitor < 6.5.4 Multiple Vulnerabilities (TNS-2026-14)

medium Nessus Plugin ID 314931

Version 1.2