126175 matches found

Tenable Nessus
added 2026/04/16 12:0 a.m. | 6 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2026:1349-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1349-1 advisory. - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars is...

7.5 CVSS | 7.1 AI score | 0.01468 EPSS
Exploits: 0 | References: 46

Tenable Nessus
added 2026/04/16 12:0 a.m. | 3 views

AlmaLinux 8 : perl:5.32 (ALSA-2026:8096)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8096 advisory. perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 Tenable has extracted the preceding...

5.9 CVSS | 5.9 AI score | 0.00368 EPSS
Exploits: 0 | References: 3

Oracle linux
added 2026/04/16 12:0 a.m. | 14 views

perl:5.32 security update

perl 4:5.32.1-474 - Resolves: RHEL-153834 - Fix CVE-2025-40909 - Clone dirhandles without fchdir 4:5.32.1-473 - Fix CVE-2023-47038 - Added perl-autouse and perl-ExtUtils-MM-Utils to perl run-requires 4:5.32.1-472 - Add definition of OPTIMIZE to .ph files, if optimizing is used bug2159760...

5.9 CVSS | 6 AI score | 0.00832 EPSS
Exploits: 0

IBM Security Bulletins
added 2026/04/15 10:5 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities in Python affect AIX

Summary Vulnerabilities in Python could allow a null pointer dereference CVE-2026-32776, CVE-2026-32778, an infinite loop CVE-2026-32777, or impact availability CVE-2025-12084. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-32776...

6.3 CVSS | 5.8 AI score | 0.00696 EPSS
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2026/04/15 10:5 p.m. | 14 views

Security Bulletin: Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)

Summary Vulnerability in cURL libcurl might wrongly pass on an OAuth2 bearer token CVE-2025-14524. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2025-14524 DESCRIPTION: When an OAuth2...

5.3 CVSS | 5.8 AI score | 0.00611 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/15 7:34 p.m. | 2 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries. Vulnerability Details CVEID:CVE-2026-1577 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of servic...

6.5 CVSS | 5.8 AI score | 0.00335 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/15 7:27 p.m. | 2 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)

Summary IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

6.5 CVSS | 5.8 AI score | 0.00292 EPSS
Exploits: 1 | Affected Software: 1

Metasploit
added 2026/04/15 7:2 p.m. | 318 views

Windows Persistence Bits Job

This module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots until...

5.4 AI score
Exploits: 0

IBM Security Bulletins
added 2026/04/15 6:50 p.m. | 2 views

Security Bulletin: due to the use of Apache Log4j, IBM Transformation Extender Advanced is vulnerable to Host Mismatch

Summary Apache Log4j is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. Apache Log4j has been updated to address CVE-2025-68161 which causes hostname mismatch. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The...

6.3 CVSS | 6 AI score | 0.00743 EPSS
Exploits: 1 | Affected Software: 1

Github Security Blog
added 2026/04/15 6:31 p.m. | 11 views

Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84...

6.3 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits: 0 | References: 4 | Affected Software: 7

EUVD
added 2026/04/15 6:31 p.m. | 19 views

EUVD-2026-22871

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84...

10 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/15 6:31 p.m. | 3 views

GHSA-WG6Q-6289-32HP Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84...

6.3 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/04/15 6:5 p.m. | 3 views

Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)

Summary Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...

5.3 CVSS | 6.8 AI score | 0.02164 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/15 4:42 p.m. | 5 views

Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)

Summary Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...

7.5 CVSS | 6.9 AI score | 0.63258 EPSS
Exploits: 1 | Affected Software: 1

IBM AIX
added 2026/04/15 3:24 p.m. | 12 views

Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)

IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:24:39 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory9.asc Security Bulletin: Vulnerability impacts AIX due to cURL libcurl CVE-2025-14524...

5.3 CVSS | 5.8 AI score | 0.00611 EPSS
Exploits: 1

IBM AIX
added 2026/04/15 3:19 p.m. | 9 views

Multiple vulnerabilities in Python affect AIX

IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:19:52 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory19.asc Security Bulletin: Multiple vulnerabilities in Python affect AIX...

6.3 CVSS | 5.8 AI score | 0.00696 EPSS
Exploits: 1

IBM Security Bulletins
added 2026/04/15 3:10 p.m. | 12 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Apache Avro, Jackson, Vert.x, plexus-utils and Netty Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils...

8.8 CVSS | 6.2 AI score | 0.00664 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/04/15 2:49 p.m. | 5 views

Security Bulletin: IBM i is affected by a privilege escalation vulnerability in Web Administration GUI [CVE-2026-2311]

Summary Web Administration GUI for IBM i is vulnerable to privilege escalation caused by an invalid authorization check as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-2311 DESCRIPTION: IBM i is vulnerable to privilege escalation caused by an invalid IBM i...

9.8 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits: 0 | Affected Software: 6

SUSE Linux
added 2026/04/15 1:36 p.m. | 9 views

Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15 CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. CVE-2025-11468: header injection when folding a long...

8.7 CVSS | 5.8 AI score | 0.01468 EPSS
Exploits: 0 | References: 60

OSV
added 2026/04/15 1:35 p.m. | 4 views

SUSE-SU-2026:1349-1 Security update for python311

This update for python311 fixes the following issues: - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. - CVE-2025-11468: header injection when folding a...

7.5 CVSS | 6.8 AI score | 0.01468 EPSS
Exploits: 0 | References: 31