The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21032 advisory.

    Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access     Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate     packages.  libsoup uses the Glib main loop and is designed to work well with GTK applications. This     enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion,     very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who     want it), but the SOAP parts were removed long ago.

    Security Fix(es):

    * libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)

    * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21006 advisory.

    DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6     and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal,     rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update     mechanism, using stand-alone DDNS daemon.

    Security Fix(es):

    * kea: Kea crash upon interaction between specific client options and subnet selection (CVE-2025-40779)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21036 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-     separated parameters (CVE-2025-59830)

    * rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)

    * rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory     exhaustion) (CVE-2025-61771)

    * rack: Rack memory exhaustion denial of service (CVE-2025-61772)

    * rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion     (CVE-2025-61919)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21015 advisory.

    Vim (Vi IMproved) is an updated and improved version of the vi editor.

    Security Fix(es):

    * vim: Vim path traversal (CVE-2025-53906)

    * vim: Vim path traversial (CVE-2025-53905)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20955 advisory.

    Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can     contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data     set. You can persist it either by dumping the data set to disk every once in a while, or by appending each     command to a log.

    Security Fix(es):

    * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)

    * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)

    * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)

    * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21030 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small     document that is submitted for parsing (CVE-2025-59375)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20961 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20958 advisory.

    Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop     environment not only on the machine where it is running, but from anywhere on the Internet and from a wide     variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20959 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)

    * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20943 advisory.

    libssh is a library which implements the SSH protocol. It can be used to implement client and server     applications.

    Security Fix(es):

    * libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20998 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21037 advisory.

    Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt     provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.

    Security Fix(es):

    * qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20994 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20909 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    * podman: Podman kube play command may overwrite host files (CVE-2025-9566)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:21002 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error     handling (CVE-2025-62168)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21013 advisory.

    libssh is a library which implements the SSH protocol. It can be used to implement client and server     applications.

    Security Fix(es):

    * libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21038 advisory.

    DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6     and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal,     rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update     mechanism, using stand-alone DDNS daemon.

    Security Fix(es):

    * kea: Invalid characters cause assert (CVE-2025-11232)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20962 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-     separated parameters (CVE-2025-59830)

    * rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)

    * rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory     exhaustion) (CVE-2025-61771)

    * rack: Rack memory exhaustion denial of service (CVE-2025-61772)

    * rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion     (CVE-2025-61919)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21020 advisory.

    The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote     directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the     Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to     connect to multiple different account sources.

    Security Fix(es):

    * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems     (CVE-2025-11561)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20983 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * database/sql: Postgres Scan Race Condition (CVE-2025-47907)

    * podman: Podman kube play command may overwrite host files (CVE-2025-9566)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21034 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

    * bind: Cache poisoning due to weak PRNG (CVE-2025-40780)

    * bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20838 advisory.

    The zziplib is a lightweight library to easily extract data from zip files.

    Security Fix(es):

    * zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20936 advisory.

    SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A     complete database is stored in a single disk file. The API is designed for convenience and ease of use.
    Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the     administrative hassles of supporting a separate database server.

    Security Fix(es):

    * sqlite: Integer Truncation in SQLite (CVE-2025-6965)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:20935 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error     handling (CVE-2025-62168)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20145 advisory.

    The shadow-utils packages include programs for converting UNIX password files to the shadow password     format, as well as utilities for managing user and group accounts.

    Security Fix(es):

    * shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise     (CVE-2024-56433)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20532 advisory.

    The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and     customizable boot loader with modular architecture. The packages support a variety of kernel formats, file     systems, computer architectures, and hardware devices.

    Security Fix(es):

    * grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write. (CVE-2024-45777)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20801 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM (CVE-2023-52355)

    * libtiff: Segment fault in libtiff  in TIFFReadRGBATileExt() leading to denial of service     (CVE-2023-52356)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20945 advisory.

    Vim (Vi IMproved) is an updated and improved version of the vi editor.

    Security Fix(es):

    * vim: Vim path traversal (CVE-2025-53906)

    * vim: Vim path traversial (CVE-2025-53905)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20155 advisory.

    The binutils packages provide a collection of binary utilities for the manipulation of object code in     various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf,     size, strings, strip, and addr2line utilities.

    Security Fix(es):

    * binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption (CVE-2025-5244)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20926 advisory.

    Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can     contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data     set. You can persist it either by dumping the data set to disk every once in a while, or by appending each     command to a log.

    Security Fix(es):

    * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)

    * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)

    * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)

    * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:20957 advisory.

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides     container runtime.

    Security Fix(es):

    * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)

    * runc: container escape with malicious config due to /dev/console mount and related races     (CVE-2025-52565)

    * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects     (CVE-2025-52881)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20928 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20960 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20922 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43272)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash     (CVE-2025-43342)

    * webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43368)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash     (CVE-2025-43343)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20963 advisory.

    Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in     both Qt C++ and Qt Quick applications).

    Security Fix(es):

    * assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow     (CVE-2025-11277)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20095 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)     (CVE-2024-53241)

    * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147)

    * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222)

    * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)

    * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)

    * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)

    * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY     (CVE-2024-56690)

    * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)

    * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)

    * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)

    * kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633)

    * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652)

    * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)

    * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655)

    * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941)

    * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942)

    * kernel: zram: fix potential UAF of zram table (CVE-2025-21671)

    * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680)

    * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)

    * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)

    * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)

    * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)

    * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732)

    * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)

    * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456)

    * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)

    * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)

    * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)

    * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)

    * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004)

    * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742)

    * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743)

    * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)

    * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)

    * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)

    * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)

    * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)

    * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)

    * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013)

    * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777)

    * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)

    * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections     (CVE-2024-57986)

    * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)

    * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)

    * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020)

    * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984)

    * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)

    * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771)

    * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)

    * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977)

    * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)

    * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741)

    * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)

    * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)

    * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006)

    * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)

    * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750)

    * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)

    * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)

    * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061)

    * kernel: idpf: convert workqueues to unbound (CVE-2024-58057)

    * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)

    * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)

    * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077)

    * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)

    * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)

    * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)

    * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)

    * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857)

    * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)

    * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855)

    * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)

    * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)

    * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)

    * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)

    * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)

    * kernel: acct: perform last write from workqueue (CVE-2025-21846)

    * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()     (CVE-2025-21861)

    * kernel: io_uring: prevent opcode speculation (CVE-2025-21863)

    * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976)

    * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)

    * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)

    * microcode_ctl: From CVEorg collector (CVE-2024-28956)

    * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)

    * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)

    * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412)

    * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using     (CVE-2025-38369)

    * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20181 advisory.

    Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need     to recompile programs to handle authentication.

    Security Fix(es):

    * linux-pam: Linux-pam directory Traversal (CVE-2025-6020)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20956 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20126 advisory.

    OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating     systems. It includes the core files necessary for both the OpenSSH client and server.

    Security Fix(es):

    * openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding (CVE-2025-32728)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20559 advisory.

    The shadow-utils packages include programs for converting UNIX password files to the shadow password     format, as well as utilities for managing user and group accounts.

    Security Fix(es):

    * shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise     (CVE-2024-56433)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20478 advisory.

    The zziplib is a lightweight library to easily extract data from zip files.

    Security Fix(es):

    * zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20052 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.

    Security Fix(es):

    * com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)

    A Red Hat Security Bulletin which addresses further details about this flaw is available in the References     section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20034 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:19927 advisory.

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides     container runtime.

    Security Fix(es):

    * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)

    * runc: container escape with malicious config due to /dev/console mount and related races     (CVE-2025-52565)

    * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects     (CVE-2025-52881)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19852 advisory.

    The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote     directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the     Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to     connect to multiple different account sources.

    Security Fix(es):

    * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems     (CVE-2025-11561)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19832 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion     (CVE-2025-61919)

    * rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-     separated parameters (CVE-2025-59830)

    * foreman: OS command injection via ct_location and fcct_location parameters (CVE-2025-10622)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19856 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-     separated parameters (CVE-2025-59830)

    * rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion     (CVE-2025-61919)

    * foreman: OS command injection via ct_location and fcct_location parameters (CVE-2025-10622)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19835 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * Host registration shows no errors even when built submission fails at the end of Global Registration     process

    * rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion     (CVE-2025-61919)

    * rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-     separated parameters (CVE-2025-59830)

    * foreman: OS command injection via ct_location and fcct_location parameters (CVE-2025-10622)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19967 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error     handling (CVE-2025-62168)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
274828	RHEL 10 : libsoup3 (RHSA-2025:21032)	high
274827	RHEL 10 : kea (RHSA-2025:21006)	high
274826	RHEL 10 : pcs (RHSA-2025:21036)	high
274825	RHEL 10 : vim (RHSA-2025:21015)	medium
274824	RHEL 9 : redis:7 (RHSA-2025:20955)	critical
274823	RHEL 10 : expat (RHSA-2025:21030)	high
274822	RHEL 9 : xorg-x11-server (RHSA-2025:20961)	high
274821	RHEL 9 : tigervnc (RHSA-2025:20958)	high
274820	RHEL 9 : libsoup (RHSA-2025:20959)	high
274819	RHEL 9 : libssh (RHSA-2025:20943)	high
274811	RHEL 10 : libtiff (RHSA-2025:20998)	high
274810	RHEL 10 : qt6-qtsvg (RHSA-2025:21037)	critical
274809	RHEL 10 : ipa (RHSA-2025:20994)	critical
274808	RHEL 9 : podman (RHSA-2025:20909)	high
274807	RHEL 10 : squid (RHSA-2025:21002)	high
274806	RHEL 10 : libssh (RHSA-2025:21013)	high
274805	RHEL 10 : kea (RHSA-2025:21038)	high
274804	RHEL 9 : pcs (RHSA-2025:20962)	high
274803	RHEL 10 : sssd (RHSA-2025:21020)	high
274802	RHEL 10 : podman (RHSA-2025:20983)	high
274801	RHEL 10 : bind (RHSA-2025:21034)	high
274800	RHEL 9 : zziplib (RHSA-2025:20838)	medium
274798	RHEL 9 : sqlite (RHSA-2025:20936)	high
274778	RHEL 9 : squid (RHSA-2025:20935)	high
274777	RHEL 10 : shadow-utils (RHSA-2025:20145)	low
274776	RHEL 9 : grub2 (RHSA-2025:20532)	medium
274775	RHEL 9 : libtiff (RHSA-2025:20801)	high
274774	RHEL 9 : vim (RHSA-2025:20945)	medium
274766	RHEL 10 : binutils (RHSA-2025:20155)	medium
274765	RHEL 9 : redis (RHSA-2025:20926)	critical
274764	RHEL 9 : runc (RHSA-2025:20957)	high
274763	RHEL 9 : ipa (RHSA-2025:20928)	critical
274762	RHEL 9 : xorg-x11-server-Xwayland (RHSA-2025:20960)	high
274761	RHEL 9 : webkit2gtk3 (RHSA-2025:20922)	critical
274760	RHEL 9 : qt5-qt3d (RHSA-2025:20963)	medium
274759	RHEL 10 : kernel (RHSA-2025:20095)	medium
274753	RHEL 10 : pam (RHSA-2025:20181)	high
274752	RHEL 9 : libtiff (RHSA-2025:20956)	medium
274722	RHEL 10 : openssh (RHSA-2025:20126)	low
274721	RHEL 9 : shadow-utils (RHSA-2025:20559)	low
274720	RHEL 10 : zziplib (RHSA-2025:20478)	medium
274631	RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.23 (RHSA-2025:20052)	high
274625	RHEL 8 : libtiff (RHSA-2025:20034)	medium
274606	RHEL 9 : runc (RHSA-2025:19927)	high
274590	RHEL 9 : sssd (RHSA-2025:19852)	high
274589	RHEL 9 : Satellite 6.17.6 Async Update (Important) (RHSA-2025:19832)	high
274588	RHEL 8 : Satellite 6.15.5.6 Async Update (Important) (RHSA-2025:19856)	high
274587	RHEL 8 : bind (RHSA-2025:19835)	high
274586	RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)	high
274580	RHEL 8 : squid:4 (RHSA-2025:19967)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

medium

critical

high

high

high

high

high

high

critical

critical

high

high

high

high

high

high

high

high

medium

high

high

low

medium

high

medium

medium

critical

high

critical

high

critical

medium

medium

high

medium

low

low

medium

high

medium

high

high

high

high

high

high

high