RLSA-2026:19061 Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

CVE-2026-42000

Insufficient Validation of Names During AXFR...

Security Bulletin: Security vulnerability in Golang affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Golang affects IBM Robotic Process Automation. Golang is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-25518 DESCRIPTION:...

CVE-2026-33190

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...

Wireshark 2.0.x < 2.0.13 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.13. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.13 advisory. - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed i...

Linux Distros Unpatched Vulnerability : CVE-2026-6238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA leng...

CVE-2026-6777

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

PT-2026-33963

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150 Description An issue exists in the Networking: DNS component. Recommendations Update to version 150 for Firefox. Update to version 150 for Thunderbird...

Linux Distros Unpatched Vulnerability : CVE-2026-35406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes...

Linux Distros Unpatched Vulnerability : CVE-2026-24028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS...

Authenticated query containing a TKEY record may cause named to terminate unexpectedly

...

CVE-2021-27393

A vulnerability has been identified in Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2013.08, Nucleus Source Code Versions including affected DNS modules. The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS...

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2026-1417)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

MiracleLinux 8 : bind-9.11.36-11.el8_9.1, dhcp-4.3.6-49.el8_9.1.ML.1 (AXSA:2024-7687:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7687:01 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...

MiracleLinux 9 : oci-seccomp-bpf-hook-1.2.10-2.el9 (AXSA:2024-9099:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9099:02 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 Tenable has extracted the preceding description block directly from the MiracleLinu...

CVE-2020-7308

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining...

K000157948: BIND vulnerability CVE-2025-40780

Security Advisory Description In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through...

TencentOS Server 4: bind (TSSA-2025:0854)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0854 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...