MiracleLinux 3 : glibc-2.5-58.2.0.1.AXS3 (AXSA:2011-151:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-151:01 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.12

Red Hat OpenShift Service Mesh 2.6.12 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

Astra Linux - уязвимость в inetutils

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

Astra Linux - уязвимость в binutils

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function linkorderscan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high...

Astra Linux - уязвимость в botan

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

MiracleLinux 8 : glibc-2.28-251.el8_10.16 (AXSA:2025-9854:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9854:05 advisory. glibc: buffer overflow in the GNU C Library's assert CVE-2025-0395 Tenable has extracted the preceding description block directly from the MiracleLinux...

RHEL 9 : gcc-toolset-14-binutils (RHSA-2026:0341)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0341 advisory. Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof...

RHEL 9 : gcc-toolset-13-binutils (RHSA-2026:0342)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0342 advisory. Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof...

RHEL 9 : tar (RHSA-2026:0434)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0434 advisory. The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: Tar path traversal CVE-2025-45582 F...

RHEL 9 : skopeo (RHSA-2026:0477)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0477 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...

MiracleLinux 8 : grafana-9.2.10-26.el8_10 (AXSA:2025-11628:15)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11628:15 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-11505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11505:01 advisory. os/exec: Unexpected paths returned from LookPath in os/exec CVE-2025-47906 golang: archive/tar: Unbounded allocation when parsing GNU sparse map...

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

tar: Tar path traversal

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

TencentOS Server 4: gnupg2 (TSSA-2026:0002)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0002 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Wget2: arbitrary file write via metalink path traversal in gnu wget2

...