54752 matches found
Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.0 (JSDSERVER-16478)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16478 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 o...
MiracleLinux 7 : nss-softokn-3.90.0-6.0.1.el7.AXS7 (AXSA:2025-9721:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9721:01 advisory. Network Security Services Softoken Cryptographic Module Security fixes: - CVE-2023-5388: fix timing attack against RSA decryption - Bug 1784253: avoid...
MiracleLinux 8 : httpd:2.4 (AXSA:2025-10834:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10834:01 advisory. httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252) httpd: mod_ssl: access control bypass by trusted clients is possible usi...
MiracleLinux 9 : nginx-1.20.1-22.el9_6.2.ML.1 (AXSA:2025-10488:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10488:02 advisory. nginx: Memory corruption in the ngx_http_mp4_module (CVE-2022-41741) nginx: Memory disclosure in the ngx_http_mp4_module (CVE-2022-41742) nginx: specially...
ROS-20260113-7312
A vulnerability in the navi10_is_support_fine_grained_dpm function in the drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c module of the amdgpu driver of the Linux kernel is related to incorrect index calculation. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integri...
NSecsoft NSecKrnl Security Vulnerability
NSecsoft NSecKrnl is the underlying core module of a terminal protection software from China Anzai NSecsoft. A security vulnerability exists in NSecsoft NSecKrnl, which originates from a local attacker being able to terminate another user's process via a specially crafted IOCTL request...
PT-2026-2625
CVE-2025-9435 Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module https://t.co/X5Q8U1d7zf...
MiracleLinux 9 : firefox-128.6.0-1.el9_5.ML.1 (AXSA:2025-9549:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9549:02 advisory. firefox: Use-after-free when breaking lines in text CVE-2025-0238 firefox: Memory corruption when using JavaScript Text Segmentation CVE-2025-0241...
MiracleLinux 9 : python3.12-3.12.5-2.el9_5.3 (AXSA:2025-9842:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9842:01 advisory. cpython: python: Uncontrolled CPU resource consumption when in http.cookies module CVE-2024-7592 Tenable has extracted the preceding description block direct...
MiracleLinux 7 : python3-setuptools-39.2.0-10.0.5.0.1.el7.AXS7 (AXSA:2025-11012:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11012:02 advisory. CVE-2022-40897: fix Regular Expression Denial of Service (ReDoS) in package_index.py CVE-2024-6345: fix remote code execution in package_index module...
MiracleLinux 8 : perl-CPAN-2.18-402.el8_10 (AXSA:2025-9982:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9982:02 advisory. perl-CPAN: Bypass of verification of signatures in CHECKSUMS files CVE-2020-16156 Tenable has extracted the preceding description block directly from the...
PT-2026-2598
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The tpm2_get_pcr_allocation function does not limit the number of PCR banks, potentially leading to harm from external I/O. The issue is addressed by capping the limit to eight banks...
MiracleLinux 9 : perl-Module-ScanDeps-1.30-6.el9 (AXSA:2025-10130:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10130:01 advisory. module-scandeps: local privilege escalation via unsanitized input CVE-2024-10224 Tenable has extracted the preceding description block directly from the...
keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...
(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The...
ROS-20260112-7365
A vulnerability in the pca953x_irq_bus_sync_unlock function in the drivers/gpio/gpio-pca953x.c module of the Linux operating system kernel GPIO driver is related to errors. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protect...
ROS-20260112-7378
A vulnerability in the nl80211_set_channel function of the net/wireless/nl80211.c module of the Linux operating system kernel is related to incorrect input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260112-7345
A vulnerability in the l2cap_sock_recv_cb function in the net/bluetooth/l2cap_sock.c module of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...
ROS-20260112-7336
A vulnerability in the svc_tcp_listen_data_ready function in the net/sunrpc/svcsock.c module of the Linux kernel's RPC (Remote Procedure Call) protocol implementation is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the...
ROS-20260112-7319
A vulnerability in the ax25_addr_ax25dev function of module net/ax25/ax25_dev.c of the Linux operating system kernel is related to resource leakage. Exploitation of the vulnerability could allow an attacker to cause a denial of service...