The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9020 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9022 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at     cJSON.c (CVE-2024-31755)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9017 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9019 advisory.

    The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-     ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI     concerns itself only with network connectivity of containers and removing allocated resources when the     container is deleted.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9018 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9016 advisory.

    libxslt is a library for transforming XML files into other textual formats (including HTML, plain text,     and other XML representations of the underlying data) using the standard XSLT stylesheet transformation     mechanism.

    Security Fix(es):

    * libxslt: Processing web content may disclose sensitive information (CVE-2023-40403)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9025 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8984 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8982 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8983 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8975 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8981 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-3887)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8977 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-3887)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8976 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-3887)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8978 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-3887)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8980 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-3887)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8979 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability     (CVE-2025-3887)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8974 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8796 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: powerpc/lib: Validate size for vector operations (CVE-2023-52606)

    * kernel: tracing: Ensure visibility when inserting an element into tracing_map (CVE-2024-26645)

    * kernel: inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)

    * kernel: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'     (CVE-2024-27042)

    * kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930)

    * kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
    (CVE-2024-36933)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8807 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8958 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8937 advisory.

    ModSecurity is an open source intrusion detection and prevention engine for web applications.

    Security Fix(es):

    * modsecurity: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8743 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: um: Fix out-of-bounds read in LDT setup (CVE-2022-49395)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8784 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909)

    * thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875)

    * thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:///     Links (CVE-2025-3877)

    * thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8756 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909)

    * thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875)

    * thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:///     Links (CVE-2025-3877)

    * thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932)

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8737 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8744 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: um: Fix out-of-bounds read in LDT setup (CVE-2022-49395)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8655 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8665 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    * grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect     (CVE-2025-4123)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8666 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8643 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926)

    * kernel: vlan: enforce underlying device type (CVE-2025-21920)

    * kernel: xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997)

    * kernel: net: fix geneve_opt length integer overflow (CVE-2025-22055)

    * kernel: ext4: fix OOB read when checking dotdot dir (CVE-2025-37785)

    * kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (CVE-2025-37943)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8663 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)

    * libsoup: Denial of Service attack to websocket server (CVE-2025-32049)

    * libsoup: OOB Read on libsoup through function  soup_multipart_new_from_message in soup-multipart.c     leads to crash or  exit of process (CVE-2025-32914)

    * libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup     (CVE-2025-4948)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8645 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8664 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8640 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8633 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8635 advisory.

    FastCGI Perl bindings.

    Security Fix(es):

    * perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2     (aka fcgi) library (CVE-2025-40907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8634 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8630 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8631 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8626 advisory.

    ModSecurity is an open source intrusion detection and prevention engine for web applications.

    Security Fix(es):

    * modsecurity: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8629 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8627 advisory.

    ModSecurity is an open source intrusion detection and prevention engine for web applications.

    Security Fix(es):

    * modsecurity: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8642 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8636 advisory.

    FastCGI Perl bindings.

    Security Fix(es):

    * perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2     (aka fcgi) library (CVE-2025-40907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8639 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8628 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8625 advisory.

    FastCGI Perl bindings.

    Security Fix(es):

    * perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2     (aka fcgi) library (CVE-2025-40907)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8632 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8607 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

    * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

    * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details     (CVE-2025-5267)

    * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

    * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

    * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

    * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content     (CVE-2025-5263)

    * firefox: thunderbird: Memory safety bug (CVE-2025-5269)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
238341	RHEL 9 : podman (RHSA-2025:9020)	critical
238340	RHEL 9 : Satellite 6.17.1 Async Update (Moderate) (RHSA-2025:9022)	high
238339	RHEL 9 : buildah (RHSA-2025:9017)	critical
238338	RHEL 9 : containernetworking-plugins (RHSA-2025:9019)	critical
238337	RHEL 9 : skopeo (RHSA-2025:9018)	critical
238336	RHEL 9 : libxslt (RHSA-2025:9016)	medium
238335	RHEL 8 : container-tools:rhel8 (RHSA-2025:9025)	critical
238327	RHEL 9 : grafana-pcp (RHSA-2025:8984)	critical
238326	RHEL 9 : grafana-pcp (RHSA-2025:8982)	critical
238325	RHEL 8 : grafana-pcp (RHSA-2025:8983)	critical
238304	RHEL 9 : grafana-pcp (RHSA-2025:8975)	critical
238303	RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2025:8981)	high
238302	RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2025:8977)	high
238301	RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2025:8976)	high
238300	RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2025:8978)	high
238299	RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2025:8980)	high
238298	RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2025:8979)	high
238297	RHEL 8 : go-toolset:rhel8 (RHSA-2025:8974)	critical
238288	RHEL 9 : kernel (RHSA-2025:8796)	high
238287	RHEL 8 : firefox (RHSA-2025:8807)	high
238251	RHEL 8 : libxml2 (RHSA-2025:8958)	high
238250	RHEL 9 : mod_security (RHSA-2025:8937)	high
238064	RHEL 8 : kernel (RHSA-2025:8743)	high
238063	RHEL 8 : thunderbird (RHSA-2025:8784)	high
238062	RHEL 8 : thunderbird (RHSA-2025:8756)	high
238061	RHEL 9 : golang (RHSA-2025:8737)	critical
238060	RHEL 8 : kernel-rt (RHSA-2025:8744)	high
237980	RHEL 9 : glibc (RHSA-2025:8655)	high
237979	RHEL 9 : grafana (RHSA-2025:8665)	critical
237978	RHEL 10 : grafana (RHSA-2025:8666)	critical
237977	RHEL 9 : kernel (RHSA-2025:8643)	high
237976	RHEL 8 : libsoup (RHSA-2025:8663)	high
237975	RHEL 8 : firefox (RHSA-2025:8645)	high
237974	RHEL 7 : python-tornado (RHSA-2025:8664)	high
237970	RHEL 8 : firefox (RHSA-2025:8640)	high
237969	RHEL 9 : skopeo (RHSA-2025:8633)	critical
237968	RHEL 9 : perl-FCGI (RHSA-2025:8635)	medium
237967	RHEL 9 : podman (RHSA-2025:8634)	critical
237966	RHEL 8 : thunderbird (RHSA-2025:8630)	high
237965	RHEL 8 : thunderbird (RHSA-2025:8631)	high
237964	RHEL 8 : mod_security (RHSA-2025:8626)	high
237963	RHEL 8 : thunderbird (RHSA-2025:8629)	high
237962	RHEL 8 : mod_security (RHSA-2025:8627)	high
237961	RHEL 9 : thunderbird (RHSA-2025:8642)	high
237960	RHEL 10 : perl-FCGI (RHSA-2025:8636)	medium
237959	RHEL 8 : firefox (RHSA-2025:8639)	high
237958	RHEL 8 : thunderbird (RHSA-2025:8628)	high
237957	RHEL 7 : perl-FCGI (RHSA-2025:8625)	medium
237956	RHEL 9 : buildah (RHSA-2025:8632)	critical
237872	RHEL 9 : thunderbird (RHSA-2025:8607)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

critical

high

critical

critical

critical

medium

critical

critical

critical

critical

critical

high

high

high

high

high

high

critical

high

high

high

high

high

high

high

critical

high

high

critical

critical

high

high

high

high

high

critical

medium

critical

high

high

high

high

high

high

medium

high

high

medium

critical

high