RHCOS 4 : OpenShift Container Platform 4.18.6 (RHSA-2025:3068)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3068 advisory. - go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Note that Nessus has not tested for this issue but has instead...

RHCOS 4 : OpenShift Container Platform 4.17.22 (RHSA-2025:3061)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3061 advisory. - go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Note that Nessus has not tested for this issue but has instead...

SUSE-SU-2026:0592-1 Security update for vexctl

This update for vexctl fixes the following issues: - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 - CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in...

SUSE SLES15 / openSUSE 15 Security Update : apptainer (SUSE-SU-2026:0439-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0439-1 advisory. Security fixes: - CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host bsc1257432 -...

MiracleLinux 9 : buildah-1.39.4-1.el9_6 (AXSA:2025-10448:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10448:02 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 9 : osbuild-composer-132.2-3.el9_6.ML.1 (AXSA:2025-11084:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11084:08 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 9 : skopeo-1.18.1-1.el9_6 (AXSA:2025-10461:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10461:02 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the MiracleLin...

CLSA-2025-1764152728 osbuild-composer: Fix of CVE-2025-27144

CVE-2025-27144: fix memory exhaustion vulnerability when parsing compact JWS or JWE input by updating the code to split JWT tokens...

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

ALSA-2025:19566 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: go-jose: G...

RHEL 9 : osbuild-composer (RHSA-2025:19594)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19594 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

RHEL 10 : osbuild-composer (RHSA-2025:19566)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19566 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

Fedora: Security Advisory (FEDORA-2025-3d0ada20e1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 10 : skopeo (RLSA-2025:7467)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7467 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the RockyLinux...

RockyLinux 10 : buildah (RLSA-2025:7459)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7459 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the RockyLinux...

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

skopeo security update

An update is available for skopeo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The skopeo command lets you inspect images from container image registries, ge...

RLSA-2025:7397 Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 For more details about the security issues, including t...

RockyLinux 9 : buildah (RLSA-2025:7389)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7389 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the RockyLinux...

RockyLinux 10 : opentelemetry-collector (RLSA-2025:7479)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2025:7479 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in...