522 matches found
openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20077-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20077-1 advisory. Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0221-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0221-1 advisory. - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. Tenable has extracted the preceding descripti...
Oracle Primavera Gateway (January 2026 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Log4j. Supported versions that ar...
SUSE-SU-2026:20132-1 Security update for go1.25
This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. - CVE-2025-68119: cmd/go: unexpected code execution when invoking...
OPENSUSE-SU-2026:20085-1 Security update for go1.25
This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. - CVE-2025-68119: cmd/go: unexpected code execution when invoking...
UBUNTU-CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
MiracleLinux 9 : kernel-5.14.0-427.31.1.el9_4 (AXSA:2024-8705:26)
"The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8705:26 advisory. kernel: phy: CVE-2024-26600 kernel: netfilter: multiple flaws CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005 kernel: cifs:...
MiracleLinux 7 : rh-nodejs10-nodejs-10.23.1-2.el7 (AXSA:2021-1479:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1479:01 advisory. libuv: buffer overflow in realpath CVE-2020-8252 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS...
MiracleLinux 9 : java-11-openjdk-11.0.22.0.7-2.el9.ML.1 (AXSA:2024-7450:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7450:05 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
MiracleLinux 8 : bogofilter-1.2.5-2.el8, evolution-data-server-3.28.5-14.el8, evolution-mapi-3.28.3-3.el8, evolution-3.28.5-14.el8, openchange-2.3-26.el8 (AXSA:2021-1388:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1388:01 advisory. evolution-data-server: Response injection via STARTTLS in SMTP and POP3 CVE-2020-14928 Tenable has extracted the preceding description block directly from th...
Astra Linux – Vulnerability in mbedtls
In Mbed TLS versions prior to 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uninitialized stack memory was used to construct the TLS Finished message. This could potentially lead to authentication bypasses, such as replay attacks...
kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails
A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...
CVE-2016-10790
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net SEC-192...
CVE-2025-40801
A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...
SUSE SLES15 Security Update : kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2025:4311-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:4311-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.16 fixes one security issue The following security issue was fixed: - CVE-2025-38616:...
Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.70 fixes one security issue The following security issue was fixed: CVE-2025-38616: tls: handle data disappearing from under the TLS ULP bsc1249537. Patch Instructions: To install this SUSE update use the SUSE recommended installati...
UBUNTU-CVE-2025-40149
In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...
Linux Distros Unpatched Vulnerability : CVE-2025-40149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let...
Advisory ROSA-SA-2025-3042
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...
Mbed TLS 安全漏洞
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 3.6.5 that stems from a local timing attack and a direct call to mbedtlsmpimodinv or mbedtlsmpigcd, which could lead to...