Azure Linux 3.0 Security Update: kernel (CVE-2025-37817)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37817 advisory. - In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in...

Azure Linux 3.0 Security Update: kernel (CVE-2024-50012)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50012 advisory. - In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on...

Azure Linux 3.0 Security Update: multus (CVE-2020-28851)

The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28851 advisory. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the...

CVE-2025-68137

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

CVE-2025-68137 EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

CVE-2025-68137 EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

EUVD-2025-206317

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

CVE-2025-68137

EVerest before version 2025.10.0 is affected by an integer overflow in SdpPacket::parse_header(). After reading an 8-byte header, the remaining length can be set to 7, and the calculation of the remaining length yields a negative value that is interpreted as SIZE_MAX. This can cause an infinite l...

Everest-core security vulnerabilities

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of everest-core prior to 2025.10.0 contained security vulnerabilities. These vulnerabilities were caused by integer overflows in the SdpPacket::parseheader function, which...

MiracleLinux 8 : python3-3.6.8-51.el8.1.ML.1 (AXSA:2023-6176:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6176:05 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : graphviz-2.40.1-43.el8 (AXSA:2021-2661:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2661:01 advisory. graphviz: off-by-one in parsereclbl in lib/common/shapes.c CVE-2020-18032 Tenable has extracted the preceding description block directly from the MiracleLinu...

PT-2026-3655

A NULL pointer dereference in the parse meta function src/httpd daap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

MiracleLinux 8 : python3.11-3.11.2-2.el8.1 (AXSA:2023-6179:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6179:02 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : kernel-5.14.0-70.26.1.el9_0 (AXSA:2022-4303:19)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4303:19 advisory. kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 Tenable has...

MiracleLinux 8 : dotnet8.0-8.0.105-1.el8_10.ML.1 (AXSA:2024-8469:12)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8469:12 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

MiracleLinux 9 : avahi-0.8-15.el9 (AXSA:2023-6723:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6723:02 advisory. avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket CVE-2021-3468 avahi: reachable assertion in...

MiracleLinux 7 : python3-3.6.8-13.el7 (AXSA:2020-4552:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4552:01 advisory. python: Cookie domain check returns incorrect results CVE-2018-20852 python: email.utils.parseaddr wrongly parses email addresses CVE-2019-16056...

MiracleLinux 7 : python-2.7.5-93.0.1.el7.AXS7 (AXSA:2023-6068:37)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6068:37 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...