The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14599 advisory.

    This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the     code of a running kernel.  This patch module is targeted for kernel-5.14.0-284.52.1.el9_2.

    Security Fix(es):

    * kernel: tls: always refresh the queue when reading sock (CVE-2025-38471)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14575 advisory.

    The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new     image formats. It is used by toolkits such as GTK+ or clutter.

    Security Fix(es):

    * gdk?pixbuf: Heap?buffer?overflow in gdk?pixbuf (CVE-2025-7345)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14592 advisory.

    Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the     system, and then uses that database to ensure file integrity and detect system intrusions.

    Security Fix(es):

    * aide: improper output neutralization enables bypassing (CVE-2025-54389)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14560 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14557 advisory.

    Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need     to recompile programs to handle authentication.

    Security Fix(es):

    * linux-pam: Linux-pam directory Traversal (CVE-2025-6020)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14546 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14553 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14525 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14528 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14486 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14510 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914)

    * kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)

    * kernel: ice: fix eswitch code memory leak in reset scenario (CVE-2025-38417)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14511 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: can: peak_usb: fix use after free bugs (CVE-2021-47670)

    * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)

    * kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)

    * kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)

    * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

    * kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead     (CVE-2022-49977)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14493 advisory.

    Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the     system, and then uses that database to ensure file integrity and detect system intrusions.

    Security Fix(es):

    * aide: improper output neutralization enables bypassing (CVE-2025-54389)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14433 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14422 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14434 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14497 advisory.

    This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the     code of a running kernel.  This patch module is targeted for kernel-5.14.0-570.17.1.el9_6.

    Security Fix(es):

    * kernel: tls: always refresh the queue when reading sock (CVE-2025-38471)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14438 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: udp: Fix memory accounting leak. (CVE-2025-22058)

    * kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:14442 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component     (CVE-2025-9182)

    * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component     (CVE-2025-9179)

    * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

    * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird     ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14439 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: udp: Fix memory accounting leak. (CVE-2025-22058)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14423 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:14417 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component     (CVE-2025-9182)

    * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component     (CVE-2025-9179)

    * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

    * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird     ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14421 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14413 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)

    * kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)

    * kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14418 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CVE-2025-21919)

    * kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020)

    * kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

    * kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086)

    * kernel: i2c/designware: Fix an initialization issue (CVE-2025-38380)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14420 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: udp: Fix memory accounting leak. (CVE-2025-22058)

    * kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914)

    * kernel: ice: fix eswitch code memory leak in reset scenario (CVE-2025-38417)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14432 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)

    * webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)

    * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)

    * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43212)

    * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash     (CVE-2025-43216)

    * webkitgtk: Processing maliciously crafted web content may disclose sensitive user information     (CVE-2025-43227)

    * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app     (CVE-2025-43265)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14414 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

    Security Fix(es):

    * squid: denial of service in URN processing (CVE-2021-28651)

    * squid-cache: Squid Buffer Overflow (CVE-2025-54574)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14416 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component     (CVE-2025-9182)

    * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component     (CVE-2025-9179)

    * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

    * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

    * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird     ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14183 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52434)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14180 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52434)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52434)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14179 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14142 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14182 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52434)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14138 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14178 advisory.

    Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet     and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by     Sun under the Java Community Process.  Tomcat is developed in an open and participatory environment and     released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the     best-of-breed developers from around the world.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52434)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14181 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)

    * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)

    * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)

    * tomcat: http/2 MadeYouReset DoS attack through HTTP/2 control frames (CVE-2025-48989)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52520)

    * tomcat: Apache Tomcat denial of service (CVE-2025-52434)

    * tomcat: Apache Tomcat denial of service (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14140 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14136 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)

    * kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)

    * kernel: can: peak_usb: fix use after free bugs (CVE-2021-47670)

    * kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)

    * kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

    * kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14141 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14130 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14135 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14139 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14137 advisory.

    The libarchive programming library can create and read several different streaming archive formats,     including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility,     scripting language bindings such as python-libarchive, and several popular desktop file managers.

    Security Fix(es):

    * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c     (CVE-2025-5914)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14118 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14117 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14116 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14126 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14127 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
255223	RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:14599)	high
255222	RHEL 9 : gdk-pixbuf2 (RHSA-2025:14575)	high
255221	RHEL 10 : aide (RHSA-2025:14592)	medium
255195	RHEL 8 : python3 (RHSA-2025:14560)	high
255194	RHEL 8 : pam (RHSA-2025:14557)	high
255193	RHEL 8 : python3.12 (RHSA-2025:14546)	high
255192	RHEL 8 : python-cryptography (RHSA-2025:14553)	high
255185	RHEL 8 : libarchive (RHSA-2025:14525)	critical
255184	RHEL 8 : libarchive (RHSA-2025:14528)	critical
254442	RHEL 8 : webkit2gtk3 (RHSA-2025:14486)	high
254441	RHEL 10 : kernel (RHSA-2025:14510)	high
254440	RHEL 8 : kernel (RHSA-2025:14511)	high
254439	RHEL 9 : aide (RHSA-2025:14493)	medium
254431	RHEL 8 : webkit2gtk3 (RHSA-2025:14433)	high
254430	RHEL 9 : webkit2gtk3 (RHSA-2025:14422)	high
254429	RHEL 8 : webkit2gtk3 (RHSA-2025:14434)	high
254428	RHEL 9 : kpatch-patch-5_14_0-570_17_1 (RHSA-2025:14497)	high
254427	RHEL 8 : kernel (RHSA-2025:14438)	high
254426	RHEL 8 : firefox (RHSA-2025:14442)	high
254425	RHEL 8 : kernel-rt (RHSA-2025:14439)	high
254424	RHEL 9 : webkit2gtk3 (RHSA-2025:14423)	high
254415	RHEL 10 : firefox (RHSA-2025:14417)	high
254414	RHEL 9 : webkit2gtk3 (RHSA-2025:14421)	high
254413	RHEL 7 : kernel (RHSA-2025:14413)	high
254412	RHEL 8 : kernel (RHSA-2025:14418)	high
254411	RHEL 9 : kernel (RHSA-2025:14420)	high
254410	RHEL 8 : webkit2gtk3 (RHSA-2025:14432)	high
254409	RHEL 7 : squid (RHSA-2025:14414)	high
254408	RHEL 9 : firefox (RHSA-2025:14416)	high
253062	RHEL 9 : tomcat (RHSA-2025:14183)	high
253061	RHEL 9 : tomcat (RHSA-2025:14180)	high
253060	RHEL 8 : tomcat (RHSA-2025:14177)	high
253059	RHEL 10 : tomcat (RHSA-2025:14179)	high
253050	RHEL 9 : libarchive (RHSA-2025:14142)	critical
253049	RHEL 8 : tomcat (RHSA-2025:14182)	high
253048	RHEL 9 : libvpx (RHSA-2025:14138)	medium
253047	RHEL 10 : tomcat9 (RHSA-2025:14178)	high
253046	RHEL 9 : tomcat (RHSA-2025:14181)	high
253045	RHEL 9 : libvpx (RHSA-2025:14140)	medium
252956	RHEL 8 : kernel (RHSA-2025:14136)	high
252955	RHEL 9 : libarchive (RHSA-2025:14141)	critical
252954	RHEL 9 : libarchive (RHSA-2025:14130)	critical
252953	RHEL 8 : libarchive (RHSA-2025:14135)	critical
252952	RHEL 9 : libvpx (RHSA-2025:14139)	medium
252951	RHEL 10 : libarchive (RHSA-2025:14137)	critical
252944	RHEL 8 : pki-deps:10.6 (RHSA-2025:14118)	high
252943	RHEL 8 : pki-deps:10.6 (RHSA-2025:14117)	high
252942	RHEL 8 : pki-deps:10.6 (RHSA-2025:14116)	high
252941	RHEL 8 : pki-deps:10.6 (RHSA-2025:14126)	high
252940	RHEL 8 : pki-deps:10.6 (RHSA-2025:14127)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

medium

high

high

high

high

critical

critical

high

high

high

medium

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

high

medium

high

high

medium

high

critical

critical

critical

medium

critical

high

high

high

high

high