113 matches found
PYSEC-2026-945 Overflow in `ResizeNearestNeighborGrad`
Impact When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. import tensorflow as tf aligncorners = True halfpixelcenters = False grads = tf.constant1, shape=1,8,16,3, dtype=tf.float16 size = tf.constant1879048192,1879048192, shape=2, dtype=tf.int32...
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...
Oracle Linux 8 : postgresql:13 (ELSA-2026-28208)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28208 advisory. - Backport fix for CVE-2026-6478 from PostgreSQL 14.23 - Backport fixes for CVE-2026-6637, CVE-2026-6477, CVE-2026-6475, CVE-2026-6473 - fix CVE-2026-2004...
MiracleLinux 8 : xorg-x11-server-1.20.11-28.el8_10.2 (AXSA:2026-803:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-803:05 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...
xorg-x11-server security, bug fix, and enhancement update
An update is available for xorg-x11-server. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list X.Org is an open-source implementation of the X Window System. It...
ALSA-2026:26562 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...
Facebook React has a Denial of Service Vulnerability in React Server Components
Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50239)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50239 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...
GHSA-574F-3G2M-X479 Bouncy Castle for Java GOST 28147 CTR mode reuses keystream after 255 blocks
The GOST 28147-2015 CTR mode implementation G3413CTRBlockCipher in the Legion of the Bouncy Castle BC-JAVA bcprov core module only increments the final byte of the counter, so the counter wraps after 255 blocks and the keystream is reused. Reusing CTR keystream allows an attacker who can observe...
Oracle Linux 10 : freerdp (ELSA-2026-6799)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6799 advisory. 2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes...
Fedora 42 : mingw-binutils (2026-fe96f3532b)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fe96f3532b advisory. Backport fixes for multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
freerdp security update
2:2.11.7-1.3 - Backport several CVE fixes Resolves: RHEL-151988, RHEL-152215...
PT-2026-27282
Name of the Vulnerable Software and Affected Versions Briefcase versions 0.3.0 through 0.3.25 Description Briefcase, a tool for converting Python projects into standalone native applications, has an issue where the installation process for Windows MSI installers, when set to install for All Users...
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...
Oracle Linux 8 : freerdp (ELSA-2026-3334)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3334 advisory. 2:2.11.7-3 - Backport several CVE fixes Resolves: RHEL-148825, RHEL-148865, RHEL-148982 Tenable has extracted the preceding description block directly...
Fedora 42 : mingw-libsoup (2026-07b73214fc)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07b73214fc advisory. Backport fixes for CVE-2026-0716, CVE-2026-0719. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Oracle Linux 8 : freerdp (ELSA-2026-2081)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2081 advisory. 2:2.11.7-2 - Backport several CVE fixes Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353 Resolves: RHEL-142337, RHEL-142321...
freerdp security update
2:2.11.7-2 - Backport several CVE fixes Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353 Resolves: RHEL-142337, RHEL-142321...
Fedora 41 : mbedtls (2025-fe7ea8bbdd)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fe7ea8bbdd advisory. Backport CVE fixes from 3.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...