The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21120 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:21065 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error     handling (CVE-2025-62168)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21141 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)

    * python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21383 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21385 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21384 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21382 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21281 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21248 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21280 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21337 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21336 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21220 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects     (CVE-2025-52881)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21232 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)

    * runc: container escape with malicious config due to /dev/console mount and related races     (CVE-2025-52565)

    * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects     (CVE-2025-52881)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21255 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21174 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21139 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)

    * python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21138 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)

    * python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21140 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)

    * python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21142 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)

    * python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21118 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498)

    * kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)

    * kernel: vsock/virtio: Validate length in packet header before skb_put() (CVE-2025-39718)

    * kernel: ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)

    * kernel: mm: swap: fix potential buffer overflow in setup_clusters() (CVE-2025-39727)

    * kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)

    * kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)

    * kernel: x86/vmscape: Add conditional IBPB mitigation (CVE-2025-40300)

    * kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)

    * kernel: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CVE-2025-39849)

    * kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)

    * kernel: kernfs: Fix UAF in polling when open file is released (CVE-2025-39881)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21128 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)

    * kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)

    * kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)

    * kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)

    * kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (CVE-2023-53232)

    * kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

    * kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226)

    * kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)

    * kernel: pstore/ram: Check start of empty przs during init (CVE-2023-53331)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    * kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (CVE-2023-53401)

    * kernel: Bluetooth: Fix potential use-after-free when clear keys (CVE-2023-53386)

    * kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)

    * kernel: crypto: xts - Handle EBUSY correctly (CVE-2023-53494)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21121 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21091 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug (CVE-2022-48701)

    * kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (CVE-2025-38550)

    * kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

    * kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)

    * kernel: ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)

    * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

    * kernel: wifi: mac80211: check S1G action frame size (CVE-2023-53257)

    * kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)

    * kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)

    * kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (CVE-2023-53232)

    * kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

    * kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226)

    * kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)

    * kernel: pstore/ram: Check start of empty przs during init (CVE-2023-53331)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)

    * kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)

    * kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (CVE-2023-53401)

    * kernel: Bluetooth: Fix potential use-after-free when clear keys (CVE-2023-53386)

    * kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)

    * kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)

    * kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)

    * kernel: crypto: xts - Handle EBUSY correctly (CVE-2023-53494)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21136 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug (CVE-2022-48701)

    * kernel: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (CVE-2025-38550)

    * kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

    * kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)

    * kernel: ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)

    * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

    * kernel: wifi: mac80211: check S1G action frame size (CVE-2023-53257)

    * kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)

    * kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)

    * kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (CVE-2023-53232)

    * kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

    * kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226)

    * kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)

    * kernel: pstore/ram: Check start of empty przs during init (CVE-2023-53331)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)

    * kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)

    * kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (CVE-2023-53401)

    * kernel: Bluetooth: Fix potential use-after-free when clear keys (CVE-2023-53386)

    * kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)

    * kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)

    * kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)

    * kernel: crypto: xts - Handle EBUSY correctly (CVE-2023-53494)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21059 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21110 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

    * bind: Cache poisoning due to weak PRNG (CVE-2025-40780)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21083 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: wifi: mac80211: check S1G action frame size (CVE-2023-53257)

    * kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)

    * kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)

    * kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (CVE-2023-53232)

    * kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    * kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)

    * kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)

    * kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21111 advisory.

    BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND     includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for     applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating     properly.

    Security Fix(es):

    * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

    * bind: Cache poisoning due to weak PRNG (CVE-2025-40780)

    * bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21060 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21082 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978)

    * kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)

    * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)

    * kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

    * kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21068 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    These new packages includes numerous bug fixes. Space precludes documenting all of these changes in this     advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most     significant of these changes:

    https://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21063 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978)

    * kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)

    * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)

    * kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

    * kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21064 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:21066 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error     handling (CVE-2025-62168)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21112 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)

    * kernel: sunrpc: fix client side handling of tls alerts (CVE-2025-38571)

    * kernel: sunrpc: fix handling of server side tls alerts (CVE-2025-38566)

    * kernel: vsock/virtio: Validate length in packet header before skb_put() (CVE-2025-39718)

    * kernel: ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)

    * kernel: x86/vmscape: Add conditional IBPB mitigation (CVE-2025-40300)

    * kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)

    * kernel: pstore/ram: Check start of empty przs during init (CVE-2023-53331)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    * kernel: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CVE-2025-39849)

    * kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)

    * kernel: crypto: xts - Handle EBUSY correctly (CVE-2023-53494)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21090 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error     handling (CVE-2025-62168)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21055 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21084 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug (CVE-2022-48701)

    * kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() (CVE-2022-50050)

    * kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)

    * kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)

    * kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    * kernel: Bluetooth: Fix potential use-after-free when clear keys (CVE-2023-53386)

    * kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)

    * kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)

    * kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)

    * kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21051 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)

    * kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)

    * kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)

    * kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)

    * kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (CVE-2023-53232)

    * kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

    * kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226)

    * kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)

    * kernel: pstore/ram: Check start of empty przs during init (CVE-2023-53331)

    * kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

    * kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)

    * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

    * kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (CVE-2023-53401)

    * kernel: Bluetooth: Fix potential use-after-free when clear keys (CVE-2023-53386)

    * kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)

    * kernel: crypto: xts - Handle EBUSY correctly (CVE-2023-53494)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21058 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21067 advisory.

    The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote     directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the     Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to     connect to multiple different account sources.

    Security Fix(es):

    * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems     (CVE-2025-11561)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21062 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21054 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21061 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21057 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21056 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

    * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures     (CVE-2025-11709)

    * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

    * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

    * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a     content-type (CVE-2025-11712)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144     and Thunderbird 144 (CVE-2025-11715)

    * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21035 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20518 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv() (CVE-2022-48830)

    * kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689)

    * kernel: Squashfs: sanity check symbolic link size (CVE-2024-46744)

    * kernel: vfs: fix race between evice_inodes() and find_inode()&iput() (CVE-2024-47679)

    * kernel: x86/tdx: Fix in-kernel MMIO check (CVE-2024-47727)

    * kernel: rxrpc: Fix a race between socket set up and I/O thread creation (CVE-2024-49864)

    * kernel: io_uring: check if we need to reschedule during overflow flush (CVE-2024-50060)

    * kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (CVE-2022-49024)

    * kernel: posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195)

    * kernel: rxrpc: Fix missing locking causing hanging calls (CVE-2024-50294)

    * kernel: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052)

    * kernel: afs: Fix lock recursion (CVE-2024-53090)

    * kernel: virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)

    * kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135)

    * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)     (CVE-2024-53241)

    * kernel: RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)

    * kernel: block: fix uaf for flush rq while iterating tags (CVE-2024-53170)

    * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)

    * kernel: net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)

    * kernel: blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672)

    * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)

    * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)

    * kernel: can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645)

    * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY     (CVE-2024-56690)

    * kernel: io_uring: check if iowq is killed before queuing (CVE-2024-56709)

    * kernel: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739)

    * kernel: bpf: put bpf_link's program when link is safe to be deallocated (CVE-2024-56786)

    * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)

    * kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (CVE-2024-53680)

    * kernel: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (CVE-2025-21648)

    * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)

    * kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (CVE-2025-21631)

    * kernel: zram: fix potential UAF of zram table (CVE-2025-21671)

    * kernel: afs: Fix merge preference rule failure condition (CVE-2025-21672)

    * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)

    * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)

    * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)

    * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)

    * kernel: usbnet: fix memory leak in error case (CVE-2022-49657)

    * kernel: powerpc/xics: fix refcount leak in icp_opal_init() (CVE-2022-49432)

    * kernel: net: tun: unlink NAPI from device on destruction (CVE-2022-49672)

    * kernel: powerpc/papr_scm: don't requests stats with '0' sized stats buffer (CVE-2022-49353)

    * kernel: powerpc/xive: Fix refcount leak in xive_spapr_init (CVE-2022-49437)

    * kernel: ima: Fix potential memory leak in ima_init_crypto() (CVE-2022-49627)

    * kernel: linux/dim: Fix divide by 0 in RDMA DIM (CVE-2022-49670)

    * kernel: can: isotp: sanitize CAN ID checks in isotp_bind() (CVE-2022-49269)

    * kernel: ima: Fix a potential integer overflow in ima_appraise_measurement (CVE-2022-49643)

    * kernel: powerpc/xive/spapr: correct bitmap allocation size (CVE-2022-49623)

    * kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs (CVE-2022-49357)

    * kernel: list: fix a data-race around ep->rdllist (CVE-2022-49443)

    * kernel: tracing/histograms: Fix memory leak problem (CVE-2022-49648)

    * kernel: Input: synaptics - fix crash when enabling pass-through port (CVE-2025-21746)

    * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)

    * kernel: bpf: Send signals asynchronously if !preemptible (CVE-2025-21728)

    * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456)

    * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)

    * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)

    * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)

    * kernel: RDMA/mlx5: Fix implicit ODP use after free (CVE-2025-21714)

    * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)

    * kernel: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check     (CVE-2024-57993)

    * kernel: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (CVE-2025-21729)

    * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)

    * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)

    * kernel: OPP: add index check to assert to avoid buffer overflow in _read_freq() (CVE-2024-57998)

    * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)

    * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)

    * kernel: scsi: ufs: core: Fix use-after free in init error and remove paths (CVE-2025-21739)

    * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)

    * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)

    * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections     (CVE-2024-57986)

    * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)

    * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)

    * kernel: team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787)

    * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)

    * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)

    * kernel: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (CVE-2024-57990)

    * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)

    * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)

    * kernel: blk-cgroup: Fix class @block_class's subsystem refcount leakage (CVE-2025-21745)

    * kernel: net: let net.core.dev_weight always be non-zero (CVE-2025-21806)

    * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)

    * kernel: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (CVE-2024-58068)

    * kernel: wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-58062)

    * kernel: idpf: convert workqueues to unbound (CVE-2024-58057)

    * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)

    * kernel: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083)

    * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)

    * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077)

    * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)

    * kernel: RDMA/rxe: Fix the warning __rxe_cleanup+0x12c/0x170 [rdma_rxe] (CVE-2025-21829)

    * kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (CVE-2025-21839)

    * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)

    * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)

    * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)

    * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)

    * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855)

    * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)

    * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)

    * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)

    * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)

    * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)

    * kernel: acct: perform last write from workqueue (CVE-2025-21846)

    * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()     (CVE-2025-21861)

    * kernel: io_uring: prevent opcode speculation (CVE-2025-21863)

    * kernel: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848)

    * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)

    * kernel: can: j1939: j1939_send_one(): fix missing CAN header initialization (CVE-2022-49845)

    * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)

    * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)

    * kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20954 advisory.

    The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote     directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the     Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to     connect to multiple different account sources.

    Security Fix(es):

    * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems     (CVE-2025-11561)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
275458	RHEL 10 : firefox (RHSA-2025:21120)	high
275457	RHEL 10 : squid (RHSA-2025:21065)	high
275456	RHEL 10 : python-kdcproxy (RHSA-2025:21141)	high
275381	RHEL 8 : go-toolset:rhel8 (RHSA-2025:21383)	high
275380	RHEL 8 : go-toolset:rhel8 (RHSA-2025:21385)	high
275379	RHEL 8 : go-toolset:rhel8 (RHSA-2025:21384)	high
275378	RHEL 8 : go-toolset:rhel8 (RHSA-2025:21382)	high
275374	RHEL 10 : firefox (RHSA-2025:21281)	high
275373	RHEL 10 : openssl (RHSA-2025:21248)	high
275372	RHEL 9 : firefox (RHSA-2025:21280)	high
275371	RHEL 9 : golang (RHSA-2025:21337)	high
275370	RHEL 9 : golang (RHSA-2025:21336)	high
275301	RHEL 10 : podman (RHSA-2025:21220)	high
275300	RHEL 8 : container-tools:rhel8 (RHSA-2025:21232)	high
275299	RHEL 9 : openssl (RHSA-2025:21255)	high
275259	RHEL 9 : openssl (RHSA-2025:21174)	high
275245	RHEL 9 : python-kdcproxy (RHSA-2025:21139)	high
275244	RHEL 9 : python-kdcproxy (RHSA-2025:21138)	high
275243	RHEL 8 : idm:DL1 (RHSA-2025:21140)	high
275242	RHEL 10 : python-kdcproxy (RHSA-2025:21142)	high
275177	RHEL 10 : kernel (RHSA-2025:21118)	high
275176	RHEL 9 : kernel-rt (RHSA-2025:21128)	high
275175	RHEL 9 : firefox (RHSA-2025:21121)	high
275174	RHEL 9 : kernel (RHSA-2025:21091)	high
275173	RHEL 9 : kernel-rt (RHSA-2025:21136)	high
275163	RHEL 9 : firefox (RHSA-2025:21059)	critical
275162	RHEL 9 : bind (RHSA-2025:21110)	high
275161	RHEL 8 : kernel (RHSA-2025:21083)	high
275160	RHEL 9 : bind9.18 (RHSA-2025:21111)	high
275159	RHEL 8 : libtiff (RHSA-2025:21060)	high
275158	RHEL 7 : kernel-rt (RHSA-2025:21082)	high
275157	RHEL 9 : Red Hat Ceph Storage 8.1 update (Important) (RHSA-2025:21068)	medium
275156	RHEL 7 : kernel (RHSA-2025:21063)	high
275155	RHEL 9 : firefox (RHSA-2025:21064)	critical
275154	RHEL 9 : squid (RHSA-2025:21066)	high
275153	RHEL 9 : kernel (RHSA-2025:21112)	high
275152	RHEL 8 : squid:4 (RHSA-2025:21090)	high
274974	RHEL 8 : firefox (RHSA-2025:21055)	critical
274973	RHEL 8 : kernel (RHSA-2025:21084)	high
274937	RHEL 9 : kernel (RHSA-2025:21051)	high
274936	RHEL 9 : firefox (RHSA-2025:21058)	critical
274935	RHEL 9 : sssd (RHSA-2025:21067)	high
274934	RHEL 8 : libtiff (RHSA-2025:21062)	high
274933	RHEL 8 : firefox (RHSA-2025:21054)	critical
274932	RHEL 8 : libtiff (RHSA-2025:21061)	high
274931	RHEL 8 : firefox (RHSA-2025:21057)	critical
274930	RHEL 8 : firefox (RHSA-2025:21056)	critical
274841	RHEL 10 : xorg-x11-server-Xwayland (RHSA-2025:21035)	high
274839	RHEL 9 : kernel (RHSA-2025:20518)	high
274829	RHEL 9 : sssd (RHSA-2025:20954)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

high

high

high

high

high

medium

high

critical

high

high

high

critical

high

high

critical

high

high

critical

high

critical

critical

high

high

high