102 matches found
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)
Summary: The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details: CVEID: CVE-2025-12875. DESCRIPTION: A weakness has been identified in mruby 3.4.0...
MiracleLinux 7 : ghostscript-9.07-28.el7 (AXSA:2017-2183:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2183:05 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics...
Linux Distros Unpatched Vulnerability : CVE-2025-7207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file...
MAL-2025-7207 Malicious code in @crabas0npm/consectetur-unde-quae (npm)
The package @crabas0npm/consectetur-unde-quae was found to contain malicious code...
CVE-2025-7207
A flaw was found in mruby. The scope_new function in mrbgems/mruby-compiler/core/codegen.c contains a heap-based buffer manipulation, potentially leading to memory corruption. A local attacker can trigger this vulnerability through crafted input, resulting in a potential denial of service...
CVE-2025-7207
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207
Summary (CVE-2025-7207): A heap-based buffer overflow affects mruby up to 3.4.0-rc2, specifically the function scope_new in file mrbgems/mruby-compiler/core/codegen.c (component nregs Handler). The vulnerability can be triggered locally; an attack requires local access, and the exploit has been d...
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
Photon OS 5.0: Cpio PHSA-2025-5.0-0537
An update of the cpio package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0537. The text itself is copyright (C) VMware, Inc.
CVE-2020-7207
A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will...
CVE-2006-7207
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors...
Linux Distros Unpatched Vulnerability : CVE-2023-7207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in...
Linux Distros Unpatched Vulnerability : CVE-2017-7207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a...
Ubuntu 20.04 LTS : Git vulnerabilities (USN-7207-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7207-2 advisory. USN-7207-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding...
RHEL 9 : cpio (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cpio: directory traversal through symlinks CVE-2015-1197 - cpio: path traversal vulnerability CVE-2023-72...
SUSE: Security Advisory (SUSE-SU-2024:0305-2)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
SUSE-SU-2024:0305-2 Security update for cpio
This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)...
RHEL 6 : cpio (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cpio: improper input validation when writing tar header fields leads to unexpected tar generation...