PT-2026-39599

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

RHEL 8 : nginx:1.24 (RHSA-2026:6907)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6907 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

Fedora: Security Advisory (FEDORA-2026-c2049f7220)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2026-1459)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2026:0690-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 9 : bind-9.16.23-11.el9 (AXSA:2023-5457:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5457:04 advisory. bind: processing large delegations may severely degrade resolver performance CVE-2022-2795 bind: flooding with UPDATE requests may lead to DoS...

MiracleLinux 8 : ruby:3.3 (AXSA:2024-8830:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8830:01 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2025-2549)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2025:4171-1 Security update for the Linux Kernel (Live Patch 51 for SUSE Linux Enterprise 15 SP3)

This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.185 fixes various security issues The following security issues were fixed: - CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled bsc1250295. - CVE-2022-50432: kernfs: fix use-after-free in...

Fedora 41 : git-lfs (2025-5872b9ec46)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5872b9ec46 advisory. Update to latest version 2404637 Fix CVE-2025-22870, CVE-2025-47910, CVE-2025-47906, CVE-2025-26625 Tenable has extracted the preceding description...

openSUSE Security Advisory (SUSE-SU-2025:03300-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, assign themselves elevated privileges and gain access to sensitive data. Microsoft has since released updates to fix the vulnerabilities marked...

CLSA-2024-1718796396 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u412-b08. That fixes following CVEs: - CVE-2024-21011: Long Exception message leading to crash - CVE-2024-21085: Pack200 excessive memory allocation - CVE-2024-21068: Integer overflow in C1 compiler address generation - CVE-2024-21094: C2...