Azure Linux 3.0 Security Update: kernel (CVE-2025-37883)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37883 advisory. - In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for getzeroedpage A...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21790)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21790 advisory. - In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlanvnigroupinit return...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26988)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26988 advisory. - In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38265)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38265 advisory. - In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38153)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38153 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of...

Azure Linux 3.0 Security Update: kernel (CVE-2023-52696)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52696 advisory. - In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer chec...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38227)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38227 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21966)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21966 advisory. - In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37772)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37772 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix workqueue crash in...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38262)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38262 advisory. - In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart...

GHSA-R92C-9C7F-3PJ8 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...

OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...

CLSA-2026-1768911013 libpng: Fix of CVE-2025-64720

CVE-2025-64720: fix buffer overflow in pnginitreadtransformations function during palette compositing with optimized alpha...

CVE-2026-1218

CVE-2026-1218 affects Bjskzy Zhiyou ERP up to version 11.0. The vulnerability targets the function initRCForm in the file RichClientService.class of the component com.artery.richclient.RichClientService , where manipulation can trigger an XML External Entity (XXE) reference. It is exploitable rem...

MiracleLinux 8 : opensc-0.20.0-7.el8_9 (AXSA:2024-7353:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7353:02 advisory. OpenSC: Potential PIN bypass when card tracks its own login state CVE-2023-40660 OpenSC: multiple memory issues with pkcs15-init enrollment tool...

MiracleLinux 8 : cloud-init-19.4-11.el8 (AXSA:2021-1222:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1222:01 advisory. cloud-init: Use of random.choice when generating random password CVE-2020-8631 cloud-init: Too short random password length in ccsetpassword in...

MiracleLinux 8 : cloud-init-19.4-1.el8.7 (AXSA:2020-635:05)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-635:05 advisory. cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 The default cloud-init configuration, in cloud-init 0.6.2 and newer,...

MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.3.el7.AXS7 (AXSA:2024-8831:30)

"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8831:30 advisory. xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33742 ALSA: Fix deadlocks with kctl removals at disconnection CVE-2024-38600...

MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Tenable has extracted the preceding description block...

MiracleLinux 9 : cloud-init-23.1.1-11.el9.ML.1 (AXSA:2023-7004:08)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7004:08 advisory. cloud-init: sensitive data could be exposed in logs CVE-2023-1786 Tenable has extracted the preceding description block directly from the MiracleLinux securi...