Azure Linux 3.0 Security Update: binutils (CVE-2025-1178)

The version of binutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1178 advisory. - A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this...

Siemens SIMATIC Devices Linux Kernel Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2022-3625)

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlinkparamset/devlinkparamget of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...

Oracle Linux 8 : bind9.16 (ELSA-2025-1676)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1676 advisory. - Fix application of patch for CVE-2024-11187 - Limit additional section records CPU processing CVE-2024-11187 Tenable has extracted the preceding description...

Azure Linux 3.0 Security Update: avahi (CVE-2024-52616)

The version of avahi installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52616 advisory. - A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup,...

PT-2025-18422

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc7 Description A deadlock vulnerability has been identified in the Linux kernel, specifically in the jfs file system. The issue arises when the ioctl$LOOP SET STATUS64 function is called with an offset...

JVN#91300609: RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres

RevoWorks SCVX and RevoWorks Browser provided by J’s Communication Co., Ltd. build a sandbox environment isolated from a server or a client's local environment. These products provide the function enabling execution of sanitizing files when downloading files from the sandbox environment to the...

SUSE CVE-2025-1376

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elfstrptr in the library /libelf/elfstrptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The...

CVE-2025-1377

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelfgetsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been...

CVE-2025-1373 FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...

CVE-2025-1371

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handledynamicsymtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has...

CVE-2025-1371

GNU elfutils 0.192 is affected via readelf.c in the eu-read handle_dynamic_symtab code path, where a null pointer dereference can occur with local attack access. The vulnerability is described as exploitable locally, and public exploits/ PoCs have been disclosed. A patch is available (commit/tag ...

CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function processsymtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The explo...

CVE-2025-1352

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function libdwthreadtail in the library libdwalloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. Th...

Microsoft Excel 2016 Multiple Vulnerabilities (KB5002687)

This host is missing an important security update according to Microsoft KB5002687 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Distribution's token authentication allows to inject an untrusted signing key in a JWT

Impact Systems running registry version 3.0.0-beta.1 with token authentication enabled. Patches Update to at least v3.0.0-rc.3 Workarounds There is no way to work around this issue without patching if your system requires token authentication. References The issue lies in how the JWK verification...

CVE-2025-24976

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

CVE-2024-54015

CVE-2024-54015 affects Siemens SIPROTEC 5 devices (multiple CP300/CP150 variants) with SNMP GET handling. The root cause is improper validation of SNMP GET requests, allowing an unauthenticated remote attacker to retrieve sensitive information via SNMPv2 GET using default credentials. Publicly st...

AZL-56655 CVE-2025-1176 affecting package binutils for versions less than 2.37-13

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function bfdelfgcmarkrsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather...

AZL-56579 CVE-2025-1176 affecting package binutils for versions less than 2.41-4

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function bfdelfgcmarkrsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather...