Oracle Linux 10 : kernel (ELSA-2025-21931)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21931 advisory. - fs/smb: Fix inconsistent refcnt update Paulo Alcantara RHEL-124955 CVE-2025-39819 - tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. Antoine Tenart...

RHEL 9 : libxml2 (RHSA-2025:22162)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22162 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...

AlmaLinux 9 : libxml2 (ALSA-2025:22376)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:22376 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description block...

RHEL 9 : libxml2 (RHSA-2025:22163)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22163 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...

RHEL 9 : libxml2 (RHSA-2025:22377)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22377 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : MuPDF vulnerabilities (USN-7888-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7888-1 advisory. It was discovered that MuPDF could be made to divide by zero. An attacker could possibly use this issue to...

Apache bRPC Denial of Service Vulnerability (CNVD-2026-00022)

Apache bRPC is the United States Apache Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. Apache bRPC suffers from a denial of service vulnerability due to an uncontrolled recursion flaw in the json2pb component. An attacker could exploit the...

RHEL 9 : libxml2 (RHSA-2025:22376)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22376 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...

RHEL 9 : libxml2 (RHSA-2025:22177)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22177 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite...

CVE-2025-59789

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data

Summary A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigne...

Security Bulletin:Multiple Vulnerabilities in IBM Event Endpoint Management

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0 Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

RLSA-2025:22394 Moderate: qt6-qtsvg security update

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Uncontrolled recursion in Qt SVG module CVE-2025-10728 For more details...

qt6-qtsvg security update

An update is available for qt6-qtsvg. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Scalable Vector Graphics SVG is an XML-based language for describing...

RLSA-2025:22376 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...

RockyLinux 9 : libxml2 (RLSA-2025:22376)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22376 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description block...

RHEL 10 : qt6-qtsvg (RHSA-2025:22393)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22393 advisory. Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and...

RHEL 10 : qt6-qtsvg (RHSA-2025:22394)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22394 advisory. Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and...

Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls

Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. Details According to RFC 5322, nested group structures a group inside another group are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...