PT-2026-4822

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description pnpm, a package manager, contains a flaw in its binary fetcher that permits malicious packages to write files outside the designated extraction directory. This issue arises from two attack vectors:...

FreeBSD : Mozilla -- multiple vulnerabilities (06061c59-f212-11f0-9ca3-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 06061c59-f212-11f0-9ca3-b42e991fc52e advisory. Incorrect boundary conditions in the Graphics component. Use-after-free in the IPC component...

K000159600: Rack vulnerability CVE-2022-30123

Security Advisory Description A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. CVE-2022-30123 Impact There is no impact; F5 products are not affected by this vulnerability...

OPENSUSE-SU-2026:20046-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.6.0 ESR MFSA 2025-96 bsc1254551 CVE-2025-14321 bmo1992760 Use-after-free in the WebRTC: Signaling component CVE-2025-14322 bmo1996473 Sandbox escape due to incorrect boundary...

OESA-2026-1087 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

RLSA-2026:0694 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

RLSA-2026:0667 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...

SUSE SLES16 Security Update : MozillaFirefox (SUSE-SU-2026:20031-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20031-1 advisory. Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94...

MiracleLinux 7 : ghostscript-9.25-2.el7.3 (AXSA:2019-4385:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4385:04 advisory. ghostscript: -dSAFER escape in .charkeys 701841 CVE-2019-14869 Tenable has extracted the preceding description block directly from the MiracleLinux security...

RockyLinux 8 : firefox (RLSA-2026:0667)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

MiracleLinux 4 : firefox-60.8.0-1.0.1.AXS4 (AXSA:2019-3929:04)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3929:04 advisory. Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 Mozilla: Sandbox escape via installation of malicious language...

MiracleLinux 7 : ruby-2.0.0.648-35.0.1.el7.AXS7 (AXSA:2019-3890:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3890:02 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8324 rubygems: Escape sequence injection vulnerability in gem own...

MiracleLinux 7 : firefox-60.9.0-1.0.1.el7.AXS7 (AXSA:2019-4298:05)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4298:05 advisory. Mozilla: Sandbox escape through Firefox Sync CVE-2019-9812 Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9...

MiracleLinux 7 : flatpak-0.8.8-4.el7 (AXSA:2018-3332:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3332:02 advisory. flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake CVE-2018-6560 Tenable has extracted the preceding description block directly...

MiracleLinux 4 : thunderbird-60.7.2-2.AXS4 (AXSA:2019-3916:03)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3916:03 advisory. Mozilla: Type confusion in Array.pop CVE-2019-11707 thunderbird: Stack buffer overflow in icalrecuraddbydayrules in icalrecur.c CVE-2019-11705...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004447)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004447 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001133)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001133 advisory. Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Tenable has extracted the preceding description block directly from the Unity...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001402 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...