Advisory ROSA-SA-2026-3121

software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-7 affected versions binutils-2.38-7 CVE-ID: CVE-2025-5244 BDU-ID: 2025-10924 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the elfgcsweep function of the ld component of the GNU Binutils software development tool is...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.372.b07-1.el8 (AXSA:2023-5313:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5313:07 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

MiracleLinux 9 : thunderbird-102.5.0-2.el9.ML.1 (AXSA:2023-5045:06)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5045:06 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

MiracleLinux 9 : firefox-115.4.0-1.el9.ML.1 (AXSA:2023-6565:41)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6565:41 advisory. Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR...

MiracleLinux 8 : thunderbird-115.14.0-1.el8_10.ML.1 (AXSA:2024-8693:19)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8693:19 advisory. Thunderbird: 115.14/128.1 mozilla: Fullscreen notification dialog can be obscured by document content CVE-2024-7518 mozilla: Out of bounds memory...

MiracleLinux 8 : java-17-openjdk-17.0.7.0.7-1.el8 (AXSA:2023-5307:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5307:05 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

MiracleLinux 7 : kernel-3.10.0-229.7.2.el7 (AXSA:2015-216:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-216:01 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000859 advisory. The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collectio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001902)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001902 advisory. Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002505 advisory. Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002061)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002061 advisory. The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collectio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001823)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001823 advisory. The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collectio...

SUSE CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000759 advisory. Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001771 advisory. iouring UAF, Unix SCM garbage collection Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has...

CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted...

CVE-2026-0885 Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

MiracleLinux 8 : firefox-140.3.0-1.el8_10.ML.1 (AXSA:2025-10906:31)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10906:31 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...

CVE-2022-31146

Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will...