Don’t Just Replace Kenna- Evolve to Vulnerability Exposure Management

Cisco has announced the end-of-sale for Cisco Vulnerability Management formerly Kenna Security, leaving security teams with a critical decision: remain on a legacy path or transform. Yes, it is true that the Kenna Security platform will be supported until June 30th, 2028 but the platform won’t be...

Azure Linux 3.0 Security Update: kata-containers (CVE-2025-4432)

The version of kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4432 advisory. - A flaw was found in Rust's Ring package. A panic May be triggered when overflow checking is enabled...

Azure Linux 3.0 Security Update: kata-containers (CVE-2022-23523)

The version of kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23523 advisory. - In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF...

Azure Linux 3.0 Security Update: kata-containers (CVE-2024-32650)

The version of kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32650 advisory. - Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::completeio could fall int...

Azure Linux 3.0 Security Update: kata-containers (CVE-2020-25576)

The version of kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25576 advisory. - An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to...

CVE-2025-36059

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

CVE-2025-36058

CVE-2025-36058 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The issue could disclose sensitve configuration information stored in a config map. Red Hat/IBM advisories and IBM Security Bulletins identify the affected versions as: IBM Cloud Pak for ...

CVE-2025-36058 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

CVE-2025-36059

CVE-2025-36059 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers: 25.0.0-IF002, 24.0.1-IF005, and 24.0.0-IF006. The root cause is a local user with container access being able to execute OS system calls. IBM bulletin notes remediation by applying fixed ...

CVE-2025-36059 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

CVE-2025-36059 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

MiracleLinux 9 : skopeo-1.9.2-1.el9 (AXSA:2023-5066:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5066:01 advisory. containers/storage: DoS via malicious image CVE-2021-20291 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs...

MiracleLinux 7 : podman-1.6.4-29.el7 (AXSA:2021-1611:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1611:02 advisory. podman: container users permissions are not respected in privileged containers CVE-2021-20188 Tenable has extracted the preceding description block directly...

MiracleLinux 7 : docker-1.13.1-161.git64e9980.0.1.el7.AXS7 (AXSA:2020-4546:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4546:03 advisory. runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc CVE-2019-16884 proglottis/gpgme: Use-after-free in GPGME binding...

MiracleLinux 8 : container-tools:1.0 (AXSA:2021-1556:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1556:01 advisory. podman: container users permissions are not respected in privileged containers CVE-2021-20188 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-9011:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9011:01 advisory. Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 Buildah: Podman: Improper Input...

MiracleLinux 9 : ignition-2.14.0-1.el9 (AXSA:2023-4920:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4920:01 advisory. ignition: configs are accessible from unprivileged containers in VMs running on VMware products CVE-2022-1706 Tenable has extracted the preceding description...

MiracleLinux 8 : container-tools:2.0 (AXSA:2021-1557:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1557:01 advisory. podman: container users permissions are not respected in privileged containers CVE-2021-20188 Tenable has extracted the preceding description block directly...

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...