Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sqlite: lemon-3.52.0-1.1.hum1 aarch64, x8664 sqlite-3.52.0-1.1.hum1 aarch64, x8664 sqlite-analyzer-3.52.0-1.1.hum1 aarch64, x8664 sqlite-debug-3.52.0-1.1.hum1 aarch64, x8664...

CVE-2026-27806

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

CVE-2026-27806

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Summary The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the password is inserted into Tcl brace-quoted send %s, a...

GHSA-RPHV-H674-5HP2 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Summary The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the password is inserted into Tcl brace-quoted send %s, a...

CVE-2026-27806

Fleet Orbit is affected prior to version 4.81.1 where the Orbit agent’s FileVault rotation flow collects a local user’s password through a GUI dialog and interpolates it into a Tcl/expect script executed via exec.Command("expect", "-c", script). The password is inserted into a Tcl brace-quoted se...

CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

Fleet 操作系统命令注入漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.1 contained a...

PT-2026-31406

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

NewStart CGSL MAIN 6.06 (SP) : tcl Vulnerability (NS-SA-2026-0011)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has tcl packages installed that are affected by a vulnerability: - The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows...

AZL-79452 CVE-2026-3381 affecting package tcl 8.6.13-3

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

AZL-79484 CVE-2026-3381 affecting package tcl 8.6.13-3

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

CVE-2025-64691

CVE-2025-64691 affects AVEVA Process Optimization (Code Injection) where an authenticated OS-standard user can tamper TCL Macro scripts to escalate privileges to OS system, potentially fully compromising the Model Application Server. Public summaries describe local, authenticated, user-level acce...

MiracleLinux 3 : tcl-8.4.13-6.AXS3 (AXSA:2013-11:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-11:01 advisory. The Tcl Tool Command Language provides a powerful platform for creating integration applications that tie together diverse applications, protocols,...

MiracleLinux 3 : postgresql-8.1.22-1.1.0.1.AXS3 (AXSA:2010-459:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-459:02 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and...

CVE-1999-0711

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root...

CVE-2019-16242

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...

CVE-2019-16241

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...