The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22175 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small     document that is submitted for parsing (CVE-2025-59375)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22162 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c     (CVE-2025-9714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22168 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)

    * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

    * bind: Cache poisoning due to weak PRNG (CVE-2025-40780)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22163 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c     (CVE-2025-9714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22368 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22375 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22372 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22187 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22370 advisory.

    IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

    This update upgrades IBM Java SE 8 to version 8 SR8-FP55.

    Security Fix(es):

    * Enhance certificate handling (CVE-2025-53057)

    * Enhance Path Factories (CVE-2025-53066)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22177 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c     (CVE-2025-9714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22374 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22181 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906)

    * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22392 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

    * kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)

    * kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

    * kernel: kernfs: Fix UAF in polling when open file is released (CVE-2025-39881)

    * kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918)

    * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)

    * kernel: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (CVE-2025-40186)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22377 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c     (CVE-2025-9714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22371 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22361 advisory.

    The Qt 6 Quick3D library.

    Security Fix(es):

    * assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow     (CVE-2025-11277)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22388 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

    * kernel: smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)

    * kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

    * kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)

    * kernel: nbd: fix incomplete validation of ioctl arg (CVE-2023-53513)

    * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22387 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

    * kernel: smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)

    * kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

    * kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)

    * kernel: nbd: fix incomplete validation of ioctl arg (CVE-2023-53513)

    * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22365 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22376 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c     (CVE-2025-9714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22188 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22373 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22369 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22205 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22364 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22367 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22363 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22549 advisory.

    Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in     both Qt C++ and Qt Quick applications).

    Security Fix(es):

    * assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow     (CVE-2025-11277)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22607 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: internal entity expansion (CVE-2013-0340)

    * expat: integer overflow in the doProlog function (CVE-2022-23990)

    * libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)

    * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small     document that is submitted for parsing (CVE-2025-59375)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22571 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

    * kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)

    * kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918)

    * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)

    * kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:22255 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 4.20.6. See the following advisory for the container images for     this release:

    https://access.redhat.com/errata/RHSA-2025:22257

    Security Fix(es):

    * golang: archive/tar: Unbounded allocation when parsing GNU sparse map     (CVE-2025-58183)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    All OpenShift Container Platform 4.20 users are advised to upgrade to these     updated packages and images when they are available in the appropriate     release channel. To check for available updates, use the OpenShift CLI (oc)     or web console. Instructions for upgrading a cluster are available at     https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-     single/updating_clusters/index#updating-cluster-cli.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22393 advisory.

    Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt     provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.

    Security Fix(es):

    * qtsvg: Uncontrolled recursion in Qt SVG module (CVE-2025-10728)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22413 advisory.

    Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in     both Qt C++ and Qt Quick applications).

    Security Fix(es):

    * assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow     (CVE-2025-11277)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22405 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

    * kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)

    * kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)

    * kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918)

    * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)

    * kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)

    * kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk (CVE-2025-40058)

    * kernel: ice: ice_adapter: release xa entry on adapter allocation failure (CVE-2025-40185)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22394 advisory.

    Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt     provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.

    Security Fix(es):

    * qtsvg: Uncontrolled recursion in Qt SVG module (CVE-2025-10728)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:22398 advisory.

    The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based     applications.

    Security Fix(es):

    * haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22417 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10922)

    * gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2025-10920)

    * gimp: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-10923)

    * gimp: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10921)

    * gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10925)

    * gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-10924)

    * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22395 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: ublk: make sure ubq->canceling is set when queue is frozen (CVE-2025-22068)

    * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

    * kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

    * kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)

    * kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918)

    * kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22414 advisory.

    Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in     both Qt C++ and Qt Quick applications).

    Security Fix(es):

    * assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow     (CVE-2025-11277)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22497 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10922)

    * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22449 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22445 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10922)

    * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22451 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22496 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10922)

    * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22427 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22426 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22498 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10922)

    * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:22422 advisory.

    The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based     applications.

    Security Fix(es):

    * haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22450 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)

    * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)

    * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)

    * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)

    * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)

    * firefox: Race condition in the Graphics component (CVE-2025-13012)

    * firefox: Spoofing issue in Firefox (CVE-2025-13015)

    * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)

    * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:22399 advisory.

    The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based     applications.

    Security Fix(es):

    * haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
277357	RHEL 9 : expat (RHSA-2025:22175)	high
277356	RHEL 9 : libxml2 (RHSA-2025:22162)	medium
277355	RHEL 8 : bind9.16 (RHSA-2025:22168)	medium
277354	RHEL 9 : libxml2 (RHSA-2025:22163)	medium
277221	RHEL 8 : firefox (RHSA-2025:22368)	high
277220	RHEL 9 : firefox (RHSA-2025:22375)	high
277219	RHEL 8 : firefox (RHSA-2025:22372)	high
277218	RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.2 (RHSA-2025:22187)	medium
277217	RHEL 8 : java-1.8.0-ibm (RHSA-2025:22370)	high
277216	RHEL 9 : libxml2 (RHSA-2025:22177)	medium
277215	RHEL 9 : firefox (RHSA-2025:22374)	high
277214	RHEL 9 : golang (RHSA-2025:22181)	medium
277213	RHEL 9 : kernel (RHSA-2025:22392)	high
277212	RHEL 9 : libxml2 (RHSA-2025:22377)	medium
277211	RHEL 7 : firefox (RHSA-2025:22371)	high
277210	RHEL 10 : qt6-qtquick3d (RHSA-2025:22361)	medium
277209	RHEL 8 : kernel (RHSA-2025:22388)	high
277208	RHEL 8 : kernel-rt (RHSA-2025:22387)	high
277207	RHEL 9 : xorg-x11-server (RHSA-2025:22365)	high
277206	RHEL 9 : libxml2 (RHSA-2025:22376)	medium
277205	RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.2 Security update (Moderate) (RHSA-2025:22188)	medium
277204	RHEL 9 : firefox (RHSA-2025:22373)	high
277203	RHEL 8 : firefox (RHSA-2025:22369)	high
277202	RHEL 7 : bind (RHSA-2025:22205)	high
277201	RHEL 9 : xorg-x11-server (RHSA-2025:22364)	high
277200	RHEL 8 : firefox (RHSA-2025:22367)	high
277199	RHEL 8 : firefox (RHSA-2025:22363)	high
277138	RHEL 9 : qt5-qt3d (RHSA-2025:22549)	medium
277137	RHEL 8 : expat (RHSA-2025:22607)	high
277127	RHEL 10 : kernel (RHSA-2025:22571)	high
277126	RHEL 9 : OpenShift Container Platform 4.20.6 (RHSA-2025:22255)	medium
277067	RHEL 10 : qt6-qtsvg (RHSA-2025:22393)	critical
277066	RHEL 9 : qt5-qt3d (RHSA-2025:22413)	medium
277065	RHEL 9 : kernel (RHSA-2025:22405)	high
277064	RHEL 10 : qt6-qtsvg (RHSA-2025:22394)	critical
277063	RHEL 9 : haproxy (RHSA-2025:22398)	high
277062	RHEL 8 : gimp:2.8 (RHSA-2025:22417)	high
277061	RHEL 10 : kernel (RHSA-2025:22395)	high
277060	RHEL 9 : qt5-qt3d (RHSA-2025:22414)	medium
277047	RHEL 9 : gimp (RHSA-2025:22497)	high
277044	RHEL 9 : thunderbird (RHSA-2025:22449)	high
276995	RHEL 9 : gimp (RHSA-2025:22445)	high
276994	RHEL 9 : thunderbird (RHSA-2025:22451)	high
276993	RHEL 9 : gimp (RHSA-2025:22496)	high
276950	RHEL 8 : xorg-x11-server (RHSA-2025:22427)	high
276949	RHEL 8 : xorg-x11-server (RHSA-2025:22426)	high
276948	RHEL 9 : gimp (RHSA-2025:22498)	high
276947	RHEL 9 : haproxy (RHSA-2025:22422)	high
276946	RHEL 9 : thunderbird (RHSA-2025:22450)	high
276934	RHEL 9 : haproxy (RHSA-2025:22399)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

medium

medium

medium

high

high

high

medium

high

medium

high

medium

high

medium

high

medium

high

high

high

medium

medium

high

high

high

high

high

high

medium

high

high

medium

critical

medium

high

critical

high

high

high

medium

high

high

high

high

high

high

high

high

high

high

high