MiracleLinux 7 : firefox-91.7.0-3.0.1.el7.AXS7 (AXSA:2022-3096:07)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3096:07 advisory. Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 expat: Malformed ...

MiracleLinux 7 : pam-1.1.8-23.0.1.0.2.el7.AXS7 (AXSA:2025-10893:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10893:07 advisory. CVE-2025-6020: fix potential privilege escalation in pamnamspace CVEs: CVE-2025-6020 A flaw was found in linux-pam. The module pamnamespace may use access...

PT-2026-3742

Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...

MiracleLinux 8 : expat-2.2.5-4.el8.3 (AXSA:2022-3114:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3114:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 8 : mingw-expat-2.4.8-1.el8 (AXSA:2022-4252:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4252:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 9 : pam-1.5.1-19.el9 (AXSA:2024-7776:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7776:01 advisory. pam: allowing unprivileged user to block another user namespace CVE-2024-22365 Tenable has extracted the preceding description block directly from the...

Exploit for OS Command Injection in Docker

!DOIhttps://img.shields.io/badge/DOI-10.5281%2Fzenodo.183047...

SUSE CVE-2025-14986

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

SUSE CVE-2025-14987

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

SUSE CVE-2025-71118

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if startnode is NULL Although commit 0c9992315e73 "ACPICA: Avoid walking the ACPI Namespace if it is not there" fixed the situation when both startnode and acpigblrootnode are NULL, the Linux...

ACPICA: Avoid walking the Namespace if start_node is NULL

...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001063)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001063 advisory. The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000806 advisory. The doremount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNTLOCKREADONLY bit across a remount of a bind mount, which allows...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001402 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001547)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001547 advisory. A vulnerability was found in the Linux kernels cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001499)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001499 advisory. A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000878)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000878 advisory. The sctpdopeeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003601 advisory. An issue was discovered in rdstcpkillsock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000570 advisory. The clonemnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNTREADONLY flag, which allows local users to bypa...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000768 advisory. Use-after-free vulnerability in drivers/net/ppp/pppgeneric.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service memory corruption and...