The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0092 advisory.

    This module manages common properties of domains for one or more virtual hosts. Specifically it can use     the ACME protocol to automate certificate provisioning.  Certificates will be configured for managed     domains and their virtual hosts automatically, including at renewal.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0095 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0128 advisory.

    Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

    Security Fix(es):

    * poppler: Out-of-Bounds Read in Poppler (CVE-2025-32365)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0124 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0136 advisory.

    MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is     a client/server implementation consisting of a server daemon (mariadbd) and many different client programs     and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities.

    Security Fix(es):

    * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)

    * mariadb: MariaDB Server Crash Due to Empty Backtrace Log (CVE-2023-52969)

    * mariadb: MariaDB Server Crash (CVE-2023-52971)

    * mariadb: MariaDB Server Crash via Item_direct_view_ref (CVE-2023-52970)

    * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)

    * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)

    * mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation     (CVE-2025-13699)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0077 advisory.

    Spice client MSI installers for Windows clients

    Security Fix(es):

    * sqlite: Integer Truncation in SQLite (CVE-2025-6965)

    * libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small     document that is submitted for parsing (CVE-2025-59375)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0093 advisory.

    This module manages common properties of domains for one or more virtual hosts. Specifically it can use     the ACME protocol to automate certificate provisioning.  Certificates will be configured for managed     domains and their virtual hosts automatically, including at renewal.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0094 advisory.

    This module manages common properties of domains for one or more virtual hosts. Specifically it can use     the ACME protocol to automate certificate provisioning.  Certificates will be configured for managed     domains and their virtual hosts automatically, including at renewal.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0126 advisory.

    Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

    Security Fix(es):

    * poppler: Out-of-Bounds Read in Poppler (CVE-2025-32365)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0127 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0135 advisory.

    The GNU tar program can save multiple files in an archive and restore files from an archive.

    Security Fix(es):

    * tar: Tar path traversal (CVE-2025-45582)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0090 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0079 advisory.

    Perl is a high-level programming language that is commonly used for system administration utilities and     web programming.

    Security Fix(es):

    * perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS     (CVE-2023-31484)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0075 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0067 advisory.

    The GNU tar program can save multiple files in an archive and restore files from an archive.

    Security Fix(es):

    * tar: Tar path traversal (CVE-2025-45582)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0061 advisory.

    MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

    Security Fix(es):

    * mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation     (CVE-2025-13699)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0074 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0078 advisory.

    Spice client MSI installers for Windows clients

    Security Fix(es):

    * sqlite: Integer Truncation in SQLite (CVE-2025-6965)

    * libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)

    * libtiff: Libtiff Write-What-Where (CVE-2025-9900)

    * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small     document that is submitted for parsing (CVE-2025-59375)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0029 advisory.

    This module manages common properties of domains for one or more virtual hosts. Specifically it can use     the ACME protocol to automate certificate provisioning.  Certificates will be configured for managed     domains and their virtual hosts automatically, including at renewal.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0036 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0033 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0030 advisory.

    This module manages common properties of domains for one or more virtual hosts. Specifically it can use     the ACME protocol to automate certificate provisioning.  Certificates will be configured for managed     domains and their virtual hosts automatically, including at renewal.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0031 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0035 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0034 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)

    * xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)

    * xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0052 advisory.

    Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from     archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU     linker), nm (for listing symbols from object files), objcopy (for copying and translating object files),     objdump (for displaying information from object files), ranlib (for generating an index for the contents     of an archive), readelf (for displaying detailed information about binary files), size (for listing the     section sizes of an object or archive file), strings (for listing printable strings from files), strip     (for discarding symbols), and addr2line (for converting addresses to file and line).

    Security Fix(es):

    * binutils: GNU Binutils Linker heap-based overflow (CVE-2025-11083)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0004 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0014 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0017 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0015 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0019 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0013 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0007 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0010 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0003 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0009 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0022 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0011 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0027 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10922)

    * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-10934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0025 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0020 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0026 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0018 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0021 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0023 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0006 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0012 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753)

    * httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0024 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0002 advisory.

    The GNU tar program can save multiple files in an archive and restore files from an archive.

    Security Fix(es):

    * tar: Tar path traversal (CVE-2025-45582)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0016 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and     Thunderbird 146 (CVE-2025-14333)

    * firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2025-14322)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

    * firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

    * firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

    * firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
281869	RHEL 9 : mod_md (RHSA-2026:0092)	high
281868	RHEL 9 : httpd (RHSA-2026:0095)	high
281867	RHEL 10 : poppler (RHSA-2026:0128)	high
281866	RHEL 10 : thunderbird (RHSA-2026:0124)	critical
281861	RHEL 10 : mariadb10.11 (RHSA-2026:0136)	medium
281860	RHEL 8 : spice-client-win (RHSA-2026:0077)	high
281859	RHEL 10 : mod_md (RHSA-2026:0093)	high
281858	RHEL 9 : mod_md (RHSA-2026:0094)	high
281857	RHEL 9 : poppler (RHSA-2026:0126)	high
281856	RHEL 10 : firefox (RHSA-2026:0127)	critical
281855	RHEL 10 : tar (RHSA-2026:0135)	medium
281854	RHEL 9 : httpd (RHSA-2026:0090)	high
281786	RHEL 7 : perl (RHSA-2026:0079)	high
281785	RHEL 7 : httpd (RHSA-2026:0075)	high
281784	RHEL 9 : tar (RHSA-2026:0067)	medium
281762	RHEL 9 : mariadb (RHSA-2026:0061)	high
281761	RHEL 6 : httpd (RHSA-2026:0074)	high
281760	RHEL 8 : spice-client-win (RHSA-2026:0078)	high
281750	RHEL 9 : mod_md (RHSA-2026:0029)	high
281749	RHEL 9 : xorg-x11-server-Xwayland (RHSA-2026:0036)	high
281748	RHEL 8 : xorg-x11-server-Xwayland (RHSA-2026:0033)	high
281747	RHEL 9 : mod_md (RHSA-2026:0030)	high
281746	RHEL 9 : xorg-x11-server-Xwayland (RHSA-2026:0031)	high
281745	RHEL 8 : xorg-x11-server-Xwayland (RHSA-2026:0035)	high
281744	RHEL 9 : xorg-x11-server-Xwayland (RHSA-2026:0034)	high
281743	RHEL 9 : gcc-toolset-14-binutils (RHSA-2026:0052)	medium
281672	RHEL 9 : thunderbird (RHSA-2026:0004)	critical
281671	RHEL 8 : firefox (RHSA-2026:0014)	critical
281670	RHEL 9 : firefox (RHSA-2026:0017)	critical
281669	RHEL 8 : firefox (RHSA-2026:0015)	critical
281668	RHEL 9 : thunderbird (RHSA-2026:0019)	critical
281667	RHEL 9 : firefox (RHSA-2026:0013)	critical
281666	RHEL 7 : firefox (RHSA-2026:0007)	critical
281665	RHEL 8 : httpd:2.4 (RHSA-2026:0010)	high
281664	RHEL 9 : thunderbird (RHSA-2026:0003)	critical
281663	RHEL 8 : httpd:2.4 (RHSA-2026:0009)	high
281662	RHEL 8 : thunderbird (RHSA-2026:0022)	critical
281661	RHEL 8 : httpd:2.4 (RHSA-2026:0011)	high
281660	RHEL 8 : gimp:2.8 (RHSA-2026:0027)	high
281659	RHEL 10 : thunderbird (RHSA-2026:0025)	critical
281658	RHEL 9 : thunderbird (RHSA-2026:0020)	critical
281657	RHEL 8 : thunderbird (RHSA-2026:0026)	critical
281656	RHEL 9 : firefox (RHSA-2026:0018)	critical
281655	RHEL 8 : thunderbird (RHSA-2026:0021)	critical
281654	RHEL 8 : thunderbird (RHSA-2026:0023)	critical
281653	RHEL 8 : firefox (RHSA-2026:0006)	critical
281652	RHEL 8 : httpd:2.4 (RHSA-2026:0012)	high
281651	RHEL 8 : thunderbird (RHSA-2026:0024)	critical
281650	RHEL 10 : tar (RHSA-2026:0002)	medium
281649	RHEL 9 : firefox (RHSA-2026:0016)	critical

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

critical

medium

high

high

high

high

critical

medium

high

high

high

medium

high

high

high

high

high

high

high

high

high

high

medium

critical

critical

critical

critical

critical

critical

critical

high

critical

high

critical

high

high

critical

critical

critical

critical

critical

critical

critical

high

critical

medium

critical