5955 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : git-lfs-3.4.1-4.el9_4 (AXSA:2024-8856:07)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8856:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

CVSS 7.5 | AI score 7.6 | EPSS 0.00306
Exploits 0 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : poppler-20.11.0-6.el8 (AXSA:2023-5901:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5901:03 advisory. poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 Tenable has extracted the preceding description block directly from the...

CVSS 7.8 | AI score 5.6 | EPSS 0.00095
Exploits 3 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : golang-1.17.12-1.el9, go-toolset-1.17.12-1.el9 (AXSA:2022-4035:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4035:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

CVSS 7.5 | AI score 7.1 | EPSS 0.00155
Exploits 3 | References 10

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : git-lfs-3.4.1-3.el8_10 (AXSA:2024-8855:06)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8855:06 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

CVSS 7.5 | AI score 7.8 | EPSS 0.00306
Exploits 0 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 9 : buildah-1.33.9-1.el9_4 (AXSA:2024-8904:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8904:08 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

CVSS 8.2 | AI score 7.8 | EPSS 0.00899
Exploits 0 | References 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : poppler-0.26.5-43.1.0.1.el7.AXS7 (AXSA:2024-8643:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8643:05 advisory. CVE-2022-38784: fix integer overflow in JBIG2 decoder CVEs: CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2...

CVSS 7.8 | AI score 6.2 | EPSS 0.00119
Exploits 3 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 view

MiracleLinux 9 : grafana-9.2.10-17.el9_4 (AXSA:2024-8844:13)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8844:13 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

CVSS 7.5 | AI score 7.6 | EPSS 0.00306
Exploits 0 | References 2

CERT
added 2026/01/20 12:0 a.m. | 8 views

Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...

AI score 6.3
Exploits 0 | References 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2023-5973:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5973:01 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

CVSS 7.5 | AI score 7 | EPSS 0.01395
Exploits 1 | References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : tigervnc-1.8.0-21.el7 (AXSA:2020-559:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-559:04 advisory. tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder CVE-2019-15691 tigervnc: Heap buffer overflow triggered from...

CVSS 7.2 | AI score 6 | EPSS 0.08956
Exploits 5 | References 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 view

MiracleLinux 9 : skopeo-1.16.1-2.el9_5 (AXSA:2024-9497:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9497:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

CVSS 7.5 | AI score 5.6 | EPSS 0.00306
Exploits 0 | References 2

NVD
added 2026/01/19 6:16 p.m. | 2 views

CVE-2026-23833

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

CVSS 7.5 | EPSS 0.00092
Exploits 0 | References 4

CVE
added 2026/01/19 5:58 p.m. | 7 views

CVE-2026-23833

ESPHome CVE-2026-23833: An integer overflow in the API component protobuf decoder (bounds check ptr + field_length in components/api/proto.cpp) allows denial-of-service by sending a large field_length. Affects ESPHome versions 2025.9.0–2025.12.6 across all supported devices (ESP32/ESP8266/RP2040/...

CVSS 7.5 | AI score 5.5 | EPSS 0.00092
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/01/19 5:58 p.m. | 2 views

CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

CVSS 6.3 | AI score 5.5 | EPSS 0.00092
Exploits 0 | References 4

Positive Technologies
added 2026/01/19 12:0 a.m. | 2 views

PT-2026-3475

Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.9.0 through 2025.12.6 Description ESPHome is a system for remote microcontroller control via Home Automation systems. An integer overflow in the API component’s protobuf decoder can lead to denial-of-service attacks when...

CVSS 7.5 | AI score 5.5 | EPSS 0.00092
Exploits 0 | References 14

CNNVD
added 2026/01/19 12:0 a.m. | 2 views

ESPHome Input Validation Vulnerability

ESPHome is an open-source system for configuring and managing smart hardware. It is used to control Esp8266/Esp32 hardware, enabling home automation control. The version 2025.9.0 to 2025.12.6 of ESPHome contains a vulnerability related to input validation errors. This vulnerability stems from...

CVSS 7.5 | AI score 5.8 | EPSS 0.00092
Exploits 0 | References 4

Positive Technologies
added 2026/01/18 12:0 a.m. | 2 views

PT-2026-3528

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-13 and 6.9.13-38 Description ImageMagick is a free and open-source software used for editing and manipulating digital images. A heap buffer overflow vulnerability exists in the XBM image decoder ReadXBMImage...

CVSS 9.8 | AI score 5.5 | EPSS 0.00114
Exploits 3 | References 41

Tenable Nessus
added 2026/01/17 12:0 a.m. | 2 views

Debian dla-4440 : ffmpeg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4440 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4440-1 [email protected]...

CVSS 8.8 | AI score 7.5 | EPSS 0.00778
Exploits 2 | References 16

Debian
added 2026/01/16 11:11 p.m. | 7 views

[SECURITY] [DLA 4440-1] ffmpeg security update

Debian LTS Advisory DLA-4440-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara January 16, 2026 https://wiki.debian.org/LTS Package : ffmpeg Version : 7:4.3.9-0+deb11u2 CVE ID : CVE-2023-6603 CVE-2024-36615 CVE-2025-1594 CVE-2025-7700 CVE-2025-9951...

CVSS 8.8 | AI score 7.4 | EPSS 0.00778
Exploits 2

Snyk
added 2026/01/16 7:53 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the valueDecoder function in decoder.py. An attacker can cause memory exhaustion by submitting a malformed RELATIVE-OID containing excessive continuation octets. PoC python import...

CVSS 8.7 | AI score 5.6 | EPSS 0.00032
Exploits 0 | References 2