The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5063709. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5063709

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.017

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/12, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5063709

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.19041.5965
Should be : 10.0.19041.6216

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066791. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066791

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066791

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.19041.5965
Should be : 10.0.19041.6456

An unsupported version of Microsoft Silverlight is installed on the remote host.

According to its version, the installation of the Microsoft Silverlight on the remote host is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Microsoft Silverlight has been discontinued. Please refer to the vendor for support.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2012/02/27, Modified: 2024/08/09

Path : C:\Program Files\Microsoft Silverlight\5.1.50907.0
Installed version : 5.1.50907.0
Security End of Life : October 11, 2021
Time since Security End of Life (Est.) : >= 4 years

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-07 advisory.

- Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-1020)

- An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. (CVE-2025-1009)

- An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. (CVE-2025-1010)

- The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user.
This could have been leveraged to perform a potential spoofing attack. (CVE-2025-1018)

- A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. (CVE-2025-1011)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 135.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0018

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/02/04, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 135.0

A web browser installed on the remote Windows host is affected by a vulnerability.

The version of Firefox installed on the remote Windows host is prior to 136.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-19 advisory.

- Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. This only affects Firefox on Windows. Other operating systems are unaffected.
(CVE-2025-2857)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 136.0.4 or later.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/03/28, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 136.0.4

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-28 advisory.

- Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-4091)

- A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. (CVE-2025-4083)

- Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM- level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

- Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
Other versions of Firefox are unaffected. (CVE-2025-4082)

- An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 138.0 or later.

Critical

9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

7.9 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/04/29, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 138.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 138.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-36 advisory.

- An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. (CVE-2025-4919)

- An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object.
(CVE-2025-4918)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 138.0.4 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/05/17, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 138.0.4

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 139.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-47 advisory.

- An integer overflow was present in <code>OrderedHashTable</code> used by the JavaScript engine (CVE-2025-49710)

- Certain canvas operations could have lead to memory corruption. (CVE-2025-49709)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 139.0.4 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0004

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/06/10, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 139.0.4

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory.

- Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-6436)

- If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires a secure transport established without errors. (CVE-2025-6433)

- A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

- An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. (CVE-2025-6425)

- The executable file warning did not warn users before opening files with the <code>terminal</code>
extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
(CVE-2025-6426)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 140.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0004

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/06/24, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 140.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 141.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-56 advisory.

- Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-8044)

- On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack.
Baseline-JIT, however, read the entire 64 bits. (CVE-2025-8027)

- On arm64, a WASM <code>brtable</code> instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address.
(CVE-2025-8028)

- In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. (CVE-2025-8041)

- Firefox for Android allowed a sandboxed iframe without the <code>allow-downloads</code> attribute to start downloads. (CVE-2025-8042)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 141.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/07/22, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 141.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 142.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-64 advisory.

- Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-9187)

- An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.
(CVE-2025-9179)

- Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180)

- Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)

- Spoofing issue in the Address Bar component of Firefox Focus for Android. (CVE-2025-9186)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 142.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/19, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 142.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 144.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-81 advisory.

- Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
(CVE-2025-11721)

- Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

- A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. (CVE-2025-11709)

- A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. (CVE-2025-11710)

- There was a way to change the value of JavaScript Object properties that were supposed to be non- writeable. (CVE-2025-11711)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 144.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 144.0

A web browser installed on the remote Windows host is affected by a vulnerability.

The version of Firefox installed on the remote Windows host is prior to 144.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-86 advisory.

- Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. (CVE-2025-12380)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 144.0.2 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/10/28, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 144.0.2

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 145.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-87 advisory.

- Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-13027)

- Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. (CVE-2025-13023, CVE-2025-13026)

- Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. (CVE-2025-13021, CVE-2025-13022, CVE-2025-13025)

- Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. (CVE-2025-13012)

- Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. (CVE-2025-13016)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 145.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/19

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 145.0

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 221, 8 Update 211, 11 Update 3, or 12 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D
- Libraries
- RMI
- Windows DLL

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Oracle JDK / JRE 12 Update 1 , 11 Update 3, 8 Update 211 / 7 Update 221 or later. If necessary, remove any affected versions.

Medium

9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.1 (CVSS:3.0/E:P/RL:O/RC:C)

7.4

0.1181

6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

5.3 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2019/04/19, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.211 or greater

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D
- Libraries
- Kerberos
- Networking
- JavaFX
- Hotspot
- Scripting
- Javadoc
- Deployment
- Concurrency
- JAXP
- Serialization
- Security

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Oracle JDK / JRE 13 Update 1, 11 Update 5, 8 Update 231 / 7 Update 241 or later. If necessary, remove any affected versions.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0247

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2019/10/17, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.231 or greater

The remote host is affected by multiple vulnerabilities

The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory.

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-47606)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-54534)

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.14 and 21.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. (CVE-2025-23083)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply the appropriate patch according to the April 2025 Oracle Critical Patch Update advisory.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.0067

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/04/18, Modified: 2025/08/12

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.451 or greater

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components :

- Concurrency. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2952)

- Deployment. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2964)

- JSSE. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2973)

- Java DB. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2938)

- JavaFX. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2941)

- Libraries. An easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2940)

- Security. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2972)

- Windows DLL. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Oracle JDK / JRE 10 Update 2, 8 Update 181 / 7 Update 191 / 6 Update 201 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

Medium

9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

7.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.5

0.0183

6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

5.0 (CVSS2#E:U/RL:OF/RC:C)

Published: 2018/07/20, Modified: 2025/01/27

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.181 or greater

The remote host is affected by multiple vulnerabilities

The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: JavaFX (libxml2)). Supported versions that are affected are Oracle Java SE: 8u451-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2024-40896)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2025-30749)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-50059)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply the appropriate patch according to the July 2025 Oracle Critical Patch Update advisory.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0023

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/07/18, Modified: 2025/10/30

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.461 or greater

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11 Update 1, 8 Update 191, 7 Update 201, or 6 Update 211. It is, therefore, affected by multiple vulnerabilities related to the following components :

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Deployment (libpng) subcomponent could allow an unauthenticated, remote attacker with network access via HTTP to compromise Java SE, Java SE Embedded. (CVE-2018-13785)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Hotspot subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3169)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the JavaFX subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE.
(CVE-2018-3209)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JNDI subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.
(CVE-2018-3149)
- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JSSE subcomponent could allow an unauthenticated, remote attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit.
(CVE-2018-3180)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
(CVE-2018-3139)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the Scripting subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3183)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Security subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3136)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Serviceability subcomponent could allow a low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. (CVE-2018-3211)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Sound subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE.
(CVE-2018-3157)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Utility subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE.
(CVE-2018-3150)

Please consult the CVRF details for the applicable CVEs for additional information.

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Oracle JDK / JRE 11 Update 1, 8 Update 191 / 7 Update 201 / 6 Update 211 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

Medium

9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

7.8 (CVSS:3.0/E:U/RL:O/RC:C)

7.3

0.0225

6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

5.0 (CVSS2#E:U/RL:OF/RC:C)

Published: 2018/10/19, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.191 or greater

A compression utility installed on the remote Windows host is affected by multiple vulnerabilities.

The version of 7-Zip installed on the remote Windows host is below 23.00. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in 7-zip due to an integer underflow. An unauthenticated, remote attacker can exploit this, by tricking a user into opening a specially crafted archive, to execute arbitrary code on the system. (CVE-2023-31102)

- A remote code execution vulnerability exists in 7-zip due to an out-of-bounds write. An unauthenticated, remote attacker can exploit this, by tricking a user into opening a specially crafted archive, to execute arbitrary code on the system. (CVE-2023-40481)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 23.00 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.374

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2023/08/31, Modified: 2024/11/22

Path : C:\Program Files\7-Zip
Installed version : 19.0.0.0
Fixed version : 23.00

The 7-zip instance installed on the remote host is affected by a heap based buffer overflow vulnerability.

The version of 7-Zip installed on the remote Windows host is below 24.01. It is, therefore, affected by multiple vulnerabilities:

- The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size:
buffer+512*i-2, for i=9, i=10, i=11, etc. (CVE-2023-52168)

- The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. (CVE-2023-52169)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to 7-zip version 24.01 or later.

High

8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.3 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.0039

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

Published: 2024/10/17, Modified: 2024/10/18

Path : C:\Program Files\7-Zip
Installed version : 19.0.0.0
Fixed version : 24.01

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 24.07. It is, therefore, affected by a remote code execution vulnerability as referenced in the ZDI-24-1532 advisory.

- This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip.
Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. (CVE-2024-11477)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 24.07 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.3951

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/11/22, Modified: 2025/01/24

Path : C:\Program Files\7-Zip
Installed version : 19.0.0.0
Fixed version : 24.07

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 24.09. It is, therefore, affected by a vulnerability as referenced in the ZDI-25-045 advisory.

- The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 24.09 or later.

Medium

7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.3263

6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

5.1 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/01/23, Modified: 2025/08/12

Path : C:\Program Files\7-Zip
Installed version : 19.0.0.0
Fixed version : 24.09

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 25.00. It is, therefore, affected by multiple vulnerabilities:

- 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. (CVE-2025-11001, CVE-2025-11002)

- An error in Z-zip's RAR5 handler's error correction for corrupted items can lead to a buffer overflow, resulting in memory corruption and denial of service.
(CVE-2025-53816)

- A Null pointer dereference in 7-Zip's implementation of the Compound handler can lead to denial of service at specific values. (CVE-2025-53817)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 25.00 or later.

Medium

7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

9.2

0.0031

6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

I

Published: 2025/07/23, Modified: 2025/11/20

Path : C:\Program Files\7-Zip
Installed version : 19.0.0.0
Fixed version : 25.00

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5062554. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5062554

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0027

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/07/08, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5062554

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.19041.5965
Should be : 10.0.19041.6093

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065429. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. (CVE-2025-54099)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065429

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065429

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.19041.5965
Should be : 10.0.19041.6328

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068781. It is, therefore, affected by multiple vulnerabilities

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217, CVE-2025-62218, CVE-2025-62219)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068781

Critical

7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0009

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068781

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.19041.5965
Should be : 10.0.19041.6575

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071546. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071546

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.0821

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/17

The remote host is missing one of the following rollup KBs :
- 5071546

- C:\WINDOWS\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.19041.5965
Should be : 10.0.19041.6691

An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.

The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0214

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/03/15, Modified: 2024/03/18

Path : C:\Program Files\Azure Data Studio\
Installed version : 1.32.0.0
Fixed version : 1.48.0

The Windows app installed on the remote host is affected by code execution vulnerabilities.

The Windows 'Paint 3D' app installed on the remote host is affected by multiple code execution vulnerabilities. An attacker who successfully exploited one of the vulnerabilities could execute arbitrary code. Exploitation of the vulnerabilities requires that a program process a specially crafted file.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade the Windows 'Paint 3D' app to version 6.2305.16087.0, or later via the Microsoft Store.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.4

0.0374

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

Published: 2023/07/13, Modified: 2025/05/23

Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe
Installed version : 6.1907.29027.0
Fixed version : 6.2305.16087.0

The Windows app installed on the remote host is affected by a code execution vulnerability..

The Windows 'Paint 3D' app installed on the remote host is affected by a code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file.

Upgrade the Windows 'Paint 3D' app to version 6.2105.4017.0, or later via the Microsoft Store.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.0056

6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

5.0 (CVSS2#E:U/RL:OF/RC:C)

Published: 2022/03/08, Modified: 2025/05/23

Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe
Installed version : 6.1907.29027.0
Fixed version : 6.2105.4017.0

The Microsoft Print 3D app installed on the remote host may be affected by a remote code execution vulnerability.

The Microsoft Print 3D app installed on the remote Windows host may be affected by a remote code execution vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to the Microsoft 3D Builder app via the Windows App Store.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0077

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:F/RL:OF/RC:C)

Published: 2023/02/20, Modified: 2024/03/27

Path : C:\Program Files\WindowsApps\Microsoft.Print3D_3.3.311.0_x64__8wekyb3d8bbwe
Installed version : 3.3.311.0
Fixed version : Upgrade to the Microsoft 3D Builder app to 3.3.791 or later via the Windows App Store.

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-14 advisory.

- Malicious pages could use Firefox for Android to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. (CVE-2024-9956)

- On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use- after-free in the Browser process. This could have led to a sandbox escape. (CVE-2025-1930)

- Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. (CVE-2025-1939)

- It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. (CVE-2025-1931)

- An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of- bounds access. Only affected version 122 and later. (CVE-2025-1932)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 136.0 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0018

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.6 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/03/04, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 136.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 137.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-20 advisory.

- Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-3034)

- Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-3030)

- JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after- free. (CVE-2025-3028)

- An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function.
(CVE-2025-3031)

- Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. (CVE-2025-3032)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 137.0 or later.

Critical

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.3 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/04/01, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 137.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-42 advisory.

- Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10.
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-5268)

- A double-free could have occurred in `vpxcodecencinitmulti` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash.
(CVE-2025-5283)

- Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. (CVE-2025-5263)

- Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.
(CVE-2025-5264)

- Due to insufficient escaping of the ampersand character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.
(CVE-2025-5265)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 139.0 or later.

High

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.1 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0009

9.4 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)

7.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/05/27, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 139.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 143.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-73 advisory.

- Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-10537)

- Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10527)

- Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
(CVE-2025-10528)

- Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR <
140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10529)

- Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143 and Thunderbird < 143. (CVE-2025-10530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 143.0 or later.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/19, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 143.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 143.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-80 advisory.

- Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3. (CVE-2025-11152)

- JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.
(CVE-2025-11153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 143.0.3 or later.

High

8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)

7.5 (CVSS:3.0/E:U/RL:O/RC:C)

5.5

0.0002

9.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:P)

6.7 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/30, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 143.0.3

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-92 advisory.

- Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. (CVE-2025-14328, CVE-2025-14329)

- Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. (CVE-2025-14321)

- Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. (CVE-2025-14322)

- Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. (CVE-2025-14323)

- JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. (CVE-2025-14324)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 146.0 or later.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.0004

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/12

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 146.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 146.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-98 advisory.

- Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
(CVE-2025-14861)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 146.0.1 or later.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.0004

Published: 2025/12/18, Modified: 2025/12/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 134.0
Fixed version : 146.0.1

The text editor on the remote Windows host is affected by a arbitary code execution.

The version of Notepad++ installed on the remote host is prior to 8.1.1. It is, therefore, affected by a arbitary code execution vulnerability in the dbghelp.exe file, allowing a attacker with local access to abuse the uncontrolled search path to execute arbitrary code and gain access.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.1.1 or later.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0006

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.3 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2024/08/09, Modified: 2025/06/20

Path : C:\Program Files (x86)\Notepad++
Installed version : 6.9.0.0
Fixed version : 8.1.1

The text editor on the remote Windows host is affected by DLL hijacking

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.4.1 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0004

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.6 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2024/10/04, Modified: 2025/09/22

Path : C:\Program Files (x86)\Notepad++
Installed version : 6.9.0.0
Fixed version : 8.4.1

The text editor on the remote Windows host is affected by multiple vulnerabilties.

The version of Notepad++ installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple buffer overflow vulnerabilties. An authenticated, local attacker could exploit these to cause a denial of service condition or the execution of arbitrary code.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.5.7 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0011

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.6 (CVSS2#E:POC/RL:OF/RC:C)

Published: 2023/09/26, Modified: 2023/09/27

Path : C:\Program Files (x86)\Notepad++
Installed version : 6.9.0.0
Fixed version : 8.5.7

A text editor on the remote Windows host is affected by privilege escalation.

The version of Notepad++ installed on the remote host is prior to 8.8.2. It is, therefore, affected by a privilege escalation vulnerability:

- Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
(CVE-2025-49144) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Notepad++ 8.8.2 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

8.4

0.0001

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

I

Published: 2025/06/26, Modified: 2025/11/10

Path : C:\Program Files (x86)\Notepad++
Installed version : 6.9.0.0
Fixed version : 8.8.2

The remote host is affected by multiple vulnerabilities

The 8u401, 20.3.13, 21.3.9, 11.0.23, 17.0.10, 21.0.3, 22, and perf versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory.

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition.(CVE-2023-41993)

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. While the vulnerability is in Oracle GraalVM for JDK, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data.
(CVE-2024-21892)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.23, 17.0.10, 21.0.3, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.3, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2024-21011)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply the appropriate patch according to the April 2024 Oracle Critical Patch Update advisory.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.2153

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2024/04/19, Modified: 2025/03/14

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.411 or greater

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 251, 8 Update 241, 11 Update 6, or 13 Update 2. It is, therefore, affected by multiple vulnerabilities:

- Oracle Java SE and Java SE Embedded are prone to a severe division by zero, over 'Multiple' protocol.
This issue affects the 'SQLite' component.(CVE-2019-16168)

- Oracle Java SE and Java SE Embedded are prone to format string vulnerability, leading to a read uninitialized stack data over 'Multiple' protocol. This issue affects the 'libxst' component.
(CVE-2019-13117, CVE-2019-13118)

- Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over 'Kerberos' protocol. This issue affects the 'Security' component.
(CVE-2020-2601, CVE-2020-2590)

- Oracle Java SE/Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this overmultiple protocols. This issue affects the 'Serialization' component.
(CVE-2020-2604, CVE-2020-2583)

- Oracle Java SE/Java SE Embedded are prone to a remote security vulnerability. Tn unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Networking' component.
(CVE-2020-2593, CVE-2020-2659)

- Oracle Java SE are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Libraries' component. (CVE-2020-2654)

- Oracle Java SE are prone to a multiple security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'JavaFX' component. (CVE-2020-2585)

- Oracle Java SE are prone to a multiple security vulnerability. An unauthenticate remote attacker can exploit this over 'HTTPS' protocols. This issue affects the 'JSSE' component. (CVE-2020-2655)

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Oracle JDK / JRE 13 Update 2 , 11 Update 6, 8 Update 241 / 7 Update 251 or later. If necessary, remove any affected versions.

Medium

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.1 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0457

6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2020/01/16, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.241 or greater

The remote host is affected by multiple vulnerabilities

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol.
This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow unauthenticated attacker with network access to takeover of Java SE. (CVE-2019-18197)

- Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability.
An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755)

- Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability.
An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757)

- Oracle Java SE prone to unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764)

- Oracle Java SE and Java SE Embedded are prone to unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767)

- Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability.
An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773)

It is also affected by other vulnerabilities; please see vendor advisories for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Oracle JDK / JRE 14 Update 1 , 11 Update 7, 8 Update 251 , 7 Update 261 or later.
If necessary, remove any affected versions.

Medium

8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:U/RL:O/RC:C)

7.3

0.0429

5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

4.3 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2020/04/16, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.251 or greater

The remote host is affected by multiple vulnerabilities

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 271, 8 Update 261, 11 Update 8, or 14 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the July 2020 CPU advisory:

- Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14664)

- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14583)

- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note:
This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14593)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.

Medium

8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:U/RL:O/RC:C)

7.3

0.0183

5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

4.3 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2020/07/16, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.261 or greater

The remote host is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 321, 8 Update 311, 11 Update 13, or 17 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory:

- Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX (libxml)). The supported version that is affected is Java SE: 8u301. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE as well as unauthorized update, insert or delete access to some of Java SE accessible data and unauthorized read access to a subset of Java SE accessible data. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-3517)

- Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-35560)

- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2021-35567)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.

High

8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

7.5 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.0056

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2021/10/22, Modified: 2024/12/20

Path : C:\Program Files\Java\jre1.8.0_161\
Installed version : 8.0.161.12 / build 8.0.161
Fixed version : Upgrade to version 8.0.311 or greater

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization

Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

Medium

8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:U/RL:O/RC:C)

7.3

0.0346

5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

4.3 (CVSS2#E:U/RL:OF/RC:C)