MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.1 (AXSA:2023-5048:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5048:03 advisory. webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution CVE-2022-42856 Tenable has extracted the preceding description...

MiracleLinux 8 : texlive-20180414-29.el8 (AXSA:2023-6183:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6183:03 advisory. texlive: arbitrary code execution allows document complied with older version CVE-2023-32700 Tenable has extracted the preceding description block directly...

MiracleLinux 7 : fwupdate-12-6.0.1.el7.AXS7 (AXSA:2020-255:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-255:01 advisory. grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process CVE-2020-10713 grub2: grubmalloc does not validate allocation...

MiracleLinux 9 : webkit2gtk3-2.46.1-2.el9_4 (AXSA:2024-8945:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8945:04 advisory. webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution CVE-2024-40776 webkitgtk: webkit2gtk: Processing maliciously crafted web...

Server-Side Template Injection (SSTI) vulnerability exist in Genshi

Overview A Server-Side Template Injection SSTI vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s 'eval’ and ‘exec’ functions while allowing fallback access to Python built-in objects. If an...

MiracleLinux 9 : webkit2gtk3-2.40.5-1.el9 (AXSA:2023-6828:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6828:17 advisory. webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to...

MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9 (AXSA:2023-4955:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4955:02 advisory. webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution...

MiracleLinux 8 : xmlrpc-c-1.51.0-5.el8.1 (AXSA:2022-3167:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3167:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 Tenable has extracted the preceding description block...

MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.2 (AXSA:2023-5160:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5160:05 advisory. webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution CVE-2023-23529 Tenable has extracted the preceding...

MiracleLinux 9 : webkit2gtk3-2.42.5-1.el9 (AXSA:2024-8032:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8032:02 advisory. webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-40414 webkitgtk: Processing web content may lead to arbitrary code...

MiracleLinux 8 : mariadb:10.3 (AXSA:2021-1698:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1698:01 advisory. mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user CVE-2021-27928 Tenable has...

MiracleLinux 7 : libsndfile-1.0.25-12.el7.1 (AXSA:2021-2390:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2390:02 advisory. libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution CVE-2021-3246 CVEs: CVE-2021-3246 Tenable has extracted the preceding...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : SimGear vulnerability (USN-7965-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7965-1 advisory. It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly...

Ubuntu: Security Advisory (USN-7965-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 9 : ghostscript-9.54.0-16.el9_4 (AXSA:2024-8422:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8422:02 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library CVE-2024-33871 Tenable has extracted the preceding description block directly fro...

USN-7969-1: Dungeon Crawl Stone Stoup vulnerability

David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...

CVE-2026-23883

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

CVE-2026-23533

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...

EUVD-2026-3305

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...