MiracleLinux 8 : binutils-2.30-108.el8.1 (AXSA:2022-2955:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2955:01 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

MiracleLinux 8 : xmlrpc-c-1.51.0-5.el8.1 (AXSA:2022-3167:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3167:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 Tenable has extracted the preceding description block...

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 8 : expat-2.2.5-4.el8.3 (AXSA:2022-3114:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3114:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 7 : firefox-91.7.0-3.0.1.el7.AXS7 (AXSA:2022-3096:07)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3096:07 advisory. Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 expat: Malformed ...

MiracleLinux 4 : glibc-2.12-1.212.3.1.AXS4 (AXSA:2021-1437:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1437:03 advisory. glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2019-25013 glibc: stack corruption fr...

MiracleLinux 7 : binutils-2.27-44.base.el7.1 (AXSA:2021-2508:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2508:04 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

MiracleLinux 9 : less-590-2.el9 (AXSA:2023-6105:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6105:01 advisory. less: crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal CVE-2022-46663 Tenable has extracted the preceding...

MiracleLinux 7 : glibc-2.17-322.el7 (AXSA:2021-1374:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1374:01 advisory. glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2019-25013 glibc: stack corruption fr...

MiracleLinux 8 : gcc-toolset-11-annobin-9.85-1.el8.1, gcc-toolset-11-binutils-2.36.1-1.el8.1, gcc-toolset-11-gcc-11.2.1-1.2.el8 (AXSA:2021-2882:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2882:01 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

MiracleLinux 8 : firefox-91.7.0-3.el8.ML.1 (AXSA:2022-3095:06)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3095:06 advisory. Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 expat: Malformed ...

MiracleLinux 8 : kernel-4.18.0-348.el8 (AXSA:2021-2785:26)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2785:26 advisory. kernel: out-of-bounds reads in pinctrl subsystem CVE-2020-0427 kernel: Improper input validation in some IntelR Ethernet E810 Adapter drivers...

MiracleLinux 9 : grub2-2.06-46.el9.3.ML.1 (AXSA:2023-5114:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5114:03 advisory. grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 grub2: Heap based...

MiracleLinux 8 : grub2-2.02-142.el8.1.ML.1 (AXSA:2023-4726:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4726:01 advisory. grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 grub2: Heap based...

Directory Traversal

Overview swingmusic is a Swing Music Affected versions of this package are vulnerable to Directory Traversal via the listfolders function in the /folder/dir-browser endpoint. An attacker can access arbitrary directories on the server filesystem by sending crafted requests as an authenticated...

CLSA-2026-1768821437 pki-servlet-engine: Fix of 2 CVEs

CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences - CVE-2025-55752: fix relative path traversal vulnerability...

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

MiracleLinux 8 : thunderbird-91.7.0-2.el8.ML.1 (AXSA:2022-3104:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3104:04 advisory. Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 expat: Malformed ...

MiracleLinux 8 : glibc-2.28-151.el8 (AXSA:2021-1780:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1780:06 advisory. glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2019-25013 glibc: regular-expression...

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-211:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-211:01 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...