MiracleLinux 8 : python-pillow-5.1.1-12.el8 (AXSA:2020-528:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-528:03 advisory. python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 CVE-2020-11538 python-pillow: out-of-bounds read ...

PT-2026-3657

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...

MiracleLinux 7 : rh-mariadb105-galera-26.4.11-1.el7, rh-mariadb105-mariadb-10.5.16-2.el7 (AXSA:2022-3624:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3624:01 advisory. mariadb: convertconsttoint use-after-free when the BIGINT data type is used CVE-2021-46669 mariadb: lack of proper validation of the length of...

MiracleLinux 9 : ghostscript-9.54.0-17.el9_4 (AXSA:2024-8750:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8750:04 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53591)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

MiracleLinux 9 : libinput-1.19.3-2.el9 (AXSA:2022-3984:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3984:02 advisory. libinput: format string vulnerability may lead to privilege escalation CVE-2022-1215 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : python-pillow-5.1.1-16.el8 (AXSA:2021-2760:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2760:01 advisory. python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25288...

MiracleLinux 9 : systemd-250-12.el9.1 (AXSA:2023-4873:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4873:04 advisory. systemd: buffer overrun in formattimespan function CVE-2022-3821 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-211:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-211:01 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

MiracleLinux 7 : libtiff-4.0.3-27.el7 (AXSA:2017-1282:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1282:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file...

DEBIAN-CVE-2025-15537

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbffile::stringvalue of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

Updated gimp packages fix security vulnerabilities

XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. CVE-2025-2760 FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. CVE-2025-2761 Multiple heap buffer overflows in tga parser. CVE-2025-48797 Multiple use after free in xcf parser. CVE-2025-48798 XWD File...

Linux Distros Unpatched Vulnerability : CVE-2026-0897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote...

CVE-2026-22803

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...

OESA-2026-1135 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-1133 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-1131 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-1110 libpcap security update

This is the official web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture. Security Fixes: pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string...