446642 matches found
SUSE SLED15 / SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2445-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2445-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File...
SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...
RockyLinux 8 : dracut (RLSA-2026:26534)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...
SUSE SLES15 Security Update : kubevirt (SUSE-SU-2026:2400-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2400-1 advisory. Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms wit...
SUSE SLES15 Security Update : kubevirt-1.6 (SUSE-SU-2026:2401-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2401-1 advisory. This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: -...
SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2442-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2442-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description...
SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...
Debian dla-4635 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4635 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4635-1 [email protected]...
Linux Distros Unpatched Vulnerability : CVE-2026-52910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF pr...
Fedora 43 : restic (2026-e6094447f0)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6094447f0 advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...
SUSE SLES15 Security Update : openssl-3-livepatches (SUSE-SU-2026:2411-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2411-1 advisory. - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Stack buffer overflow in CM...
SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...
python311-3.11.15-6.1 on GA media (moderate)
python311-3.11.15-6.1 on GA media Announcement ID: openSUSE-SU-2026:11068-1 Rating: moderate Cross-References: CVE-2026-1502 CVE-2026-3446 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 CVSS scores: CVE-2026-1502 SUSE : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2026-1502 SUSE : 5.7...
Fedora 45 : docker-buildkit (2026-c6481c190e)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c6481c190e advisory. Automatic update for docker-buildkit-0.31.0-1.fc45. Changelog Wed Jun 17 2026 Bradley G Smith - 0.31.0-1 - Update to release v0.31.0 - Resolve...
CVE-2026-56082 Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC
Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...
GHSA-H8W8-99G7-QMVJ Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the AtomicReferenceupdate function when the current value is Float::NAN. An attacker can cause indefinite busy retry loops and CPU exhaustion by supplying malicious numeric data. Remediation Upgrade concurrent-ruby to...
GHSA-9GGV-8W38-R7PM TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
Impact Blind SQL injection vulnerability in UpdateQueryBuilder and SoftDeleteQueryBuilder affecting MySQL and MariaDB users. UpdateQueryBuilder and SoftDeleteQueryBuilder including their addOrderBy variants do not validate the order parameter against an allowlist of permitted values ASC/DESC. The...