The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15035 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: padata: fix UAF in padata_reorder (CVE-2025-21727)

    * kernel: can: peak_usb: fix use after free bugs (CVE-2021-47670)

    * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)

    * kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)

    * kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)

    * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

    * kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead     (CVE-2022-49977)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush() (CVE-2025-38250)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15006 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15016 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: s390/ptrace: handle setting of fpc register correctly (CVE-2023-52598)

    * kernel: USB: core: Fix deadlock in port disable sysfs attribute (CVE-2024-26933)

    * kernel: powerpc/powernv: Add a null pointer check in opal_event_init() (CVE-2023-52686)

    * kernel: mmc: sdio: fix possible resource leaks in some error paths (CVE-2023-52730)

    * kernel: USB: core: Fix access violation during port device removal (CVE-2024-36896)

    * kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CVE-2024-42090)

    * kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (CVE-2025-21867)

    * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15013 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14997 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)

    * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15015 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15003 advisory.

    Kerberos is a network authentication system, which can improve the security of your network by eliminating     the insecure practice of sending passwords over the network in unencrypted form. It allows clients and     servers to authenticate to each other with the help of a trusted third party, the Kerberos key     distribution center (KDC).

    Security Fix(es):

    * krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions     (CVE-2025-3576)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15001 advisory.

    Kerberos is a network authentication system, which can improve the security of your network by eliminating     the insecure practice of sending passwords over the network in unencrypted form. It allows clients and     servers to authenticate to each other with the help of a trusted third party, the Kerberos key     distribution center (KDC).

    Security Fix(es):

    * krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions     (CVE-2025-3576)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15039 advisory.

    Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the     system, and then uses that database to ensure file integrity and detect system intrusions.

    Security Fix(es):

    * aide: improper output neutralization enables bypassing (CVE-2025-54389)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15034 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15012 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15038 advisory.

    Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the     system, and then uses that database to ensure file integrity and detect system intrusions.

    Security Fix(es):

    * aide: improper output neutralization enables bypassing (CVE-2025-54389)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15007 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15005 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: udp: Fix memory accounting leak. (CVE-2025-22058)

    * kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823)

    * kernel: ext4: only dirty folios when data journaling regular files (CVE-2025-38220)

    * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)

    * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)

    * kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461)

    * kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15020 advisory.

    The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage     devices, and technologies.

    Security Fix(es):

    * udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15023 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)

    * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption     (CVE-2025-23048)

    * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15036 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15021 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15008 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)

    * kernel: scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332)

    * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)

    * kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15019 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15009 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)

    * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14998 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15057 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15011 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823)

    * kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)

    * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)

    * kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461)

    * kernel: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CVE-2025-38500)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15017 advisory.

    The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage     devices, and technologies.

    Security Fix(es):

    * udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15018 advisory.

    The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage     devices, and technologies.

    Security Fix(es):

    * udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15058 advisory.

    Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the     system, and then uses that database to ensure file integrity and detect system intrusions.

    Security Fix(es):

    * aide: improper output neutralization enables bypassing (CVE-2025-54389)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15010 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15031 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14749 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: driver: base: fix UAF when driver_attach failed (CVE-2022-49385)

    * kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)

    * kernel: tee: amdtee: fix race condition in amdtee_open_session (CVE-2023-53047)

    * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)

    * kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead     (CVE-2022-49977)

    * kernel: net: qrtr: start MHI channel after endpoit creation (CVE-2022-50044)

    * kernel: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte (CVE-2022-49991)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14750 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14862 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:14844 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component     (CVE-2025-9182)

    * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component     (CVE-2025-9179)

    * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

    * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird     ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14878 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14748 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)

    * kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)

    * kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)

    * kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)

    * kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)

    * kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

    * kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14902 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)

    * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption     (CVE-2025-23048)

    * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14900 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * setuptools: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273)

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14870 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14828 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14903 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)

    * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption     (CVE-2025-23048)

    * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14841 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14869 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14827 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14826 advisory.

    PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package     contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML     documentation for the whole system.  These client programs can be located on the same machine as the     PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection.
    The PostgreSQL server can be found in the postgresql-server sub-package.

    Security Fix(es):

    * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)

    * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14742 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)

    * kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)

    * kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)

    * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

    * kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead     (CVE-2022-49977)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush() (CVE-2025-38250)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14811 advisory.

    This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the     code of a running kernel.  This patch module is targeted for kernel-5.14.0-427.13.1.el9_4.

    Security Fix(es):

    * kernel: tls: always refresh the queue when reading sock (CVE-2025-38471)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14810 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14808 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14691 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (CVE-2025-21867)

    * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

    * kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead     (CVE-2022-49977)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:14743 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component     (CVE-2025-9182)

    * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component     (CVE-2025-9179)

    * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

    * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird     ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
260470	RHEL 8 : kernel (RHSA-2025:15035)	high
260469	RHEL 8 : postgresql:12 (RHSA-2025:15006)	high
260468	RHEL 9 : kernel (RHSA-2025:15016)	high
260467	RHEL 8 : postgresql:13 (RHSA-2025:15013)	high
260466	RHEL 7 : httpd (RHSA-2025:14997)	high
260465	RHEL 9 : postgresql:16 (RHSA-2025:15015)	high
260464	RHEL 8 : krb5 (RHSA-2025:15003)	medium
260463	RHEL 8 : krb5 (RHSA-2025:15001)	medium
260462	RHEL 9 : aide (RHSA-2025:15039)	medium
260461	RHEL 8 : postgresql:12 (RHSA-2025:15034)	high
260460	RHEL 8 : postgresql:12 (RHSA-2025:15012)	high
260459	RHEL 9 : aide (RHSA-2025:15038)	medium
260458	RHEL 9 : python3.12 (RHSA-2025:15007)	high
260457	RHEL 10 : kernel (RHSA-2025:15005)	high
260456	RHEL 10 : udisks2 (RHSA-2025:15020)	high
260455	RHEL 9 : httpd (RHSA-2025:15023)	critical
260454	RHEL 6 : httpd (RHSA-2025:15036)	high
260453	RHEL 8 : postgresql:13 (RHSA-2025:15021)	high
260452	RHEL 8 : kernel (RHSA-2025:15008)	high
260451	RHEL 9 : python3.9 (RHSA-2025:15019)	high
260450	RHEL 8 : kernel-rt (RHSA-2025:15009)	high
260449	RHEL 7 : httpd (RHSA-2025:14998)	high
260448	RHEL 8 : postgresql:13 (RHSA-2025:15057)	high
260447	RHEL 9 : kernel (RHSA-2025:15011)	high
260446	RHEL 8 : udisks2 (RHSA-2025:15017)	high
260445	RHEL 9 : udisks2 (RHSA-2025:15018)	high
260444	RHEL 8 : aide (RHSA-2025:15058)	medium
260443	RHEL 9 : python3.11 (RHSA-2025:15010)	high
260442	RHEL 8 : postgresql:15 (RHSA-2025:15031)	high
260054	RHEL 9 : kernel-rt (RHSA-2025:14749)	high
260053	RHEL 8 : fence-agents (RHSA-2025:14750)	medium
260052	RHEL 9 : postgresql:15 (RHSA-2025:14862)	high
260051	RHEL 10 : thunderbird (RHSA-2025:14844)	high
260050	RHEL 9 : postgresql (RHSA-2025:14878)	high
260049	RHEL 7 : kernel (RHSA-2025:14748)	high
260048	RHEL 9 : httpd (RHSA-2025:14902)	critical
260047	RHEL 8 : python39:3.9 (RHSA-2025:14900)	high
260046	RHEL 9 : postgresql (RHSA-2025:14870)	high
260045	RHEL 7 : libarchive (RHSA-2025:14828)	critical
260044	RHEL 9 : httpd (RHSA-2025:14903)	critical
260043	RHEL 8 : python3.11 (RHSA-2025:14841)	high
260042	RHEL 9 : postgresql (RHSA-2025:14869)	high
260041	RHEL 9 : postgresql:16 (RHSA-2025:14827)	high
260040	RHEL 10 : postgresql16 (RHSA-2025:14826)	high
260039	RHEL 8 : kernel (RHSA-2025:14742)	high
260038	RHEL 9 : kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, kpatch-patch-5_14_0-427_55_1, and kpatch-patch-5_14_0-427_68_2 (RHSA-2025:14811)	high
260037	RHEL 8 : libarchive (RHSA-2025:14810)	critical
260036	RHEL 8 : libarchive (RHSA-2025:14808)	critical
259947	RHEL 9 : kernel-rt (RHSA-2025:14691)	high
259946	RHEL 8 : thunderbird (RHSA-2025:14743)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

high

high

high

medium

medium

medium

high

high

medium

high

high

high

critical

high

high

high

high

high

high

high

high

high

high

medium

high

high

high

medium

high

high

high

high

critical

high

high

critical

critical

high

high

high

high

high

high

critical

critical

high

high