Azure Linux 3.0 Security Update: kernel (CVE-2024-49961)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49961 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: i2c: ar0521: Use cansleep version...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56663)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56663 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211ATTRMLOLINKID...

Azure Linux 3.0 Security Update: kernel (CVE-2024-49862)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49862 advisory. - In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: Fix off by one in...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37893)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37893 advisory. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46852)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46852 advisory. - In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA he...

PT-2026-3887

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

Azure Linux 3.0 Security Update: kernel (CVE-2024-47682)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47682 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in...

Azure Linux 3.0 Security Update: fltk / teckit (CVE-2015-2158)

The version of fltk / teckit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-2158 advisory. - Off-by-one error in the pngcrushmeasureidat function in pngcrush.c in pngcrush before 1.7.84 allows...

Can you use too many LOLBins to drop some RATs?

Recently, our team came across an infection attempt that stood out—not for its sophistication, but for how determined the attacker was to take a “living off the land” approach to the extreme. The end goal was to deploy Remcos , a Remote Access Trojan RAT, and NetSupport Manager , a legitimate...

MiracleLinux 8 : nginx:1.18 (AXSA:2021-2309:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2309:01 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding descripti...

MiracleLinux 8 : graphviz-2.40.1-43.el8 (AXSA:2021-2661:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2661:01 advisory. graphviz: off-by-one in parsereclbl in lib/common/shapes.c CVE-2020-18032 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 9 : libvirt-10.0.0-6.2.el9.ML.1 (AXSA:2024-8065:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8065:03 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...

MiracleLinux 8 : gimp:2.8 (AXSA:2024-7549:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7549:01 advisory. gimp: PSD buffer overflow RCE CVE-2023-44442 gimp: psp off-by-one RCE CVE-2023-44444 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : nginx:1.20 (AXSA:2022-3028:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3028:01 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding descripti...

MiracleLinux 4 : spice-server-0.12.4-16.AXS4.3 (AXSA:2019-3705:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3705:01 advisory. spice: Off-by-one error in array access in spice/server/memslot.c CVE-2019-3813 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : nginx:1.16 (AXSA:2021-2307:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2307:01 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding descripti...

MiracleLinux 8 : glibc-2.28-164.el8.3 (AXSA:2022-3103:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3103:01 advisory. glibc: Off-by-one buffer overflow/underflow in getcwd CVE-2021-3999 glibc: Stack-based buffer overflow in svcunixcreate via long pathnames...

MiracleLinux 9 : gimp-2.99.8-4.el9_3 (AXSA:2024-7511:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7511:01 advisory. gimp: dds buffer overflow RCE CVE-2023-44441 gimp: PSD buffer overflow RCE CVE-2023-44442 gimp: psp integer overflow RCE CVE-2023-44443 gimp: psp...

MiracleLinux 7 : rh-nginx118-nginx-1.18.0-3.el7 (AXSA:2021-1813:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1813:01 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding descripti...

MiracleLinux 8 : httpd:2.4 (AXSA:2021-2541:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2541:01 advisory. httpd: modsession: NULL pointer dereference when parsing Cookie header CVE-2021-26690 httpd: Unexpected URL matching with 'MergeSlashes OFF'...