3144 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-51744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are...
Fedora 41 : mingw-opencv (2025-d308a84c10)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d308a84c10 advisory. Backport fix for CVE-2025-53644. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images
Updated RHEL-8 based Middleware Containers container images are now available. The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2025:10698 (see References). Users of RHEL-8 based Middleware Containers container images are advis...
Fedora: Security Advisory (FEDORA-2025-5320059879)
The remote host is missing an update for the...
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1...
CVE-2022-41886
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...
Debian dla-4129 : libapache2-mod-auth-openidc - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4129 advisory. Debian LTS Advisory DLA-4129-1 https://www.debian.org/lts/security/...
CLSA-2025-1743193221 Update of kernel
Backported els3..els12 patches and changelog...
CLSA-2025-1744372501 kernel: Fix of CVE-2024-1086
Backported els0..els3 patches and changelog including CVE-2024-1086...
electron33 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0445. Security: backported fix for CVE-2025-0995. Security: backported fix for CVE-2025-0998...
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-12693. Security: backported fix for CVE-2024-12694. Security: backported fix for CVE-2024-12695. Security: backported fix for CVE-2025-0434. Security: backported fix for CVE-2025-043...
CVE-2025-0306
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
openSUSE Security Advisory (openSUSE-SU-2024:0381-1)
The remote host is missing an update for the...
Low: Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS
Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9. Users of service-interconnect 1.4 LTS rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users...
AZL-52219 CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52183 CVE-2024-51744 affecting package cert-manager for versions less than 1.12.15-1
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52195 CVE-2024-51744 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52266 CVE-2024-51744 affecting package prometheus for versions less than 2.37.9-4
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
UBUNTU-CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...