The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1340 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * thunderbird: Unsanitized address book fields (CVE-2025-1015)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1341 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * thunderbird: Unsanitized address book fields (CVE-2025-1015)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1130 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.45. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2025:1128

    Security Fix(es):

    * jinja2: Jinja has a sandbox breakout through malicious filenames     (CVE-2024-56201)
    * jinja2: Jinja has a sandbox breakout through indirect reference to format     method (CVE-2024-56326)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1342 advisory.

    The gcc-toolset-13-gcc13 package contains the GNU Compiler Collection version 10.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1319 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * thunderbird: Unsanitized address book fields (CVE-2025-1015)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1317 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * thunderbird: Unsanitized address book fields (CVE-2025-1015)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1329 advisory.

    Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of     documented source files. The documentation is extracted directly from the sources. Doxygen can also be     configured to extract the code structure from undocumented source files.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1318 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * thunderbird: Unsanitized address book fields (CVE-2025-1015)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1311 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1301 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1315 advisory.

    Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of     documented source files. The documentation is extracted directly from the sources. Doxygen can also be     configured to extract the code structure from undocumented source files.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1312 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1305 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1306 advisory.

    The gcc-toolset-13-gcc package contains the GNU Compiler Collection version 13.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1330 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1300 advisory.

    The gcc-toolset-14-gcc13 package contains the GNU Compiler Collection version 14.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1303 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1309 advisory.

    The gcc-toolset-13-gcc13 package contains the GNU Compiler Collection version 13.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1310 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1304 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1314 advisory.

    Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of     documented source files. The documentation is extracted directly from the sources. Doxygen can also be     configured to extract the code structure from undocumented source files.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1308 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1296 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious     Containerfile (CVE-2024-11218)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1278 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1291 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1283 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1295 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious     Containerfile (CVE-2024-11218)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1281 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1275 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious     Containerfile (CVE-2024-11218)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1292 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and     Thunderbird 128.7 (CVE-2025-1017)

    * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20,     Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

    * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows     (CVE-2025-1013)

    * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011)

    * thunderbird: Unsanitized address book fields (CVE-2025-1015)

    * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

    * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510)

    * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014)

    * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1282 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:1122 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.17.16. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2025:1120

    Security Fix(es):

    * cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary     Unmounting (CVE-2025-0750)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.17/updating/updating_a_cluster/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1280 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1267 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1270 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1262 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1268 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    * kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1264 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1269 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    * kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1266 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1247 advisory.

    Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of     documented source files. The documentation is extracted directly from the sources. Doxygen can also be     configured to extract the code structure from undocumented source files.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:1250 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * jinja2: Jinja has a sandbox breakout through indirect reference to format method (CVE-2024-56326)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1254 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    * kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1256 advisory.

    Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of     documented source files. The documentation is extracted directly from the sources. Doxygen can also be     configured to extract the code structure from undocumented source files.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1253 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format     (CVE-2024-53104)

    * kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1216 advisory.

    Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details     necessary for optimal multi-core performance.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1217 advisory.

    Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details     necessary for optimal multi-core performance.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1213 advisory.

    Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details     necessary for optimal multi-core performance.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1214 advisory.

    Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details     necessary for optimal multi-core performance.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1211 advisory.

    Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details     necessary for optimal multi-core performance.

    Security Fix(es):

    * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods     (CVE-2020-11023)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
216154	RHEL 8 : thunderbird (RHSA-2025:1340)	critical
216152	RHEL 8 : thunderbird (RHSA-2025:1341)	critical
216151	RHEL 9 : OpenShift Container Platform 4.15.45 (RHSA-2025:1130)	medium
216149	RHEL 9 : gcc-toolset-13-gcc (RHSA-2025:1342)	medium
216121	RHEL 9 : thunderbird (RHSA-2025:1319)	critical
216120	RHEL 9 : thunderbird (RHSA-2025:1317)	critical
216112	RHEL 9 : doxygen (RHSA-2025:1329)	medium
216111	RHEL 9 : thunderbird (RHSA-2025:1318)	critical
216110	RHEL 8 : gcc (RHSA-2025:1311)	medium
216109	RHEL 8 : gcc (RHSA-2025:1301)	medium
216108	RHEL 9 : doxygen (RHSA-2025:1315)	medium
216107	RHEL 8 : gcc (RHSA-2025:1312)	medium
216106	RHEL 9 : gcc (RHSA-2025:1305)	medium
216105	RHEL 8 : gcc-toolset-13-gcc (RHSA-2025:1306)	medium
216104	RHEL 9 : openssl (RHSA-2025:1330)	medium
216103	RHEL 9 : gcc-toolset-14-gcc (RHSA-2025:1300)	medium
216102	RHEL 9 : gcc (RHSA-2025:1303)	medium
216101	RHEL 9 : gcc-toolset-13-gcc (RHSA-2025:1309)	medium
216100	RHEL 8 : gcc (RHSA-2025:1310)	medium
216099	RHEL 9 : gcc (RHSA-2025:1304)	medium
216098	RHEL 8 : doxygen (RHSA-2025:1314)	medium
216097	RHEL 8 : gcc (RHSA-2025:1308)	medium
216071	RHEL 9 : podman (RHSA-2025:1296)	high
216070	RHEL 8 : kernel (RHSA-2025:1278)	high
216069	RHEL 8 : kernel (RHSA-2025:1291)	high
216068	RHEL 8 : firefox (RHSA-2025:1283)	critical
216067	RHEL 9 : buildah (RHSA-2025:1295)	high
216066	RHEL 7 : kernel (RHSA-2025:1281)	high
216065	RHEL 8 : container-tools:rhel8 (RHSA-2025:1275)	high
216064	RHEL 8 : thunderbird (RHSA-2025:1292)	critical
216063	RHEL 7 : kernel (RHSA-2025:1282)	high
216062	RHEL 8 / 9 : OpenShift Container Platform 4.17.16 (RHSA-2025:1122)	medium
216061	RHEL 7 : kernel-rt (RHSA-2025:1280)	high
216058	RHEL 8 : kernel (RHSA-2025:1267)	high
216057	RHEL 9 : kernel (RHSA-2025:1270)	high
216056	RHEL 9 : kernel (RHSA-2025:1262)	high
216054	RHEL 9 : kernel (RHSA-2025:1268)	high
216053	RHEL 8 : kernel (RHSA-2025:1264)	high
216049	RHEL 9 : kernel-rt (RHSA-2025:1269)	high
216048	RHEL 8 : kernel (RHSA-2025:1266)	high
215972	RHEL 8 : doxygen (RHSA-2025:1247)	medium
215971	RHEL 7 : python-jinja2 (RHSA-2025:1250)	medium
215970	RHEL 9 : kernel-rt (RHSA-2025:1254)	high
215969	RHEL 7 : doxygen (RHSA-2025:1256)	medium
215968	RHEL 9 : kernel (RHSA-2025:1253)	high
215467	RHEL 8 : tbb (RHSA-2025:1216)	medium
215466	RHEL 8 : tbb (RHSA-2025:1217)	medium
215465	RHEL 9 : tbb (RHSA-2025:1213)	medium
215464	RHEL 8 : tbb (RHSA-2025:1214)	medium
215463	RHEL 9 : tbb (RHSA-2025:1211)	medium

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

critical

critical

medium

medium

critical

critical

medium

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

high

high

critical

high

high

high

critical

high

medium

high

high

high

high

high

high

high

high

medium

medium

high

medium

high

medium

medium

medium

medium

medium