Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their January 2026 Critical Patch Update. For more information please refer to Oracle's January 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

BIT-PYTHON-MIN-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37765)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37765 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddele...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37992)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37992 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: Flush gsoskb list too during...

SUSE-SU-2026:0204-1 Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.73 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-40204: sctp: Fix MAC comparison to be constant-tim...

Oracle Linux 9 : gimp (ELSA-2026-0914)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0914 advisory. - fix CVE-2025-14422 - fix CVE-2025-14423 - fix CVE-2025-14424 - fix CVE-2025-14425 - fix CVE-2025-10920 - fix CVE-2025-10921 - fix CVE-2025-10922 - fi...

Oracle Solaris Critical Patch Update : jan2026_SRU11_4_88_207_01

The version of Solaris installed on the remote host is prior to 11.4.88.207.01. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11jan2026SRU1148820701 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...

ROOT-OS-DEBIAN-12-CVE-2025-50422 CVE-2025-50422 in rootio-cairo - Patched by Root

Root has patched CVE-2025-50422 in the rootio-cairo package for Root:Debian:12. Multiple fixed versions available...

Oracle Critical Patch Update Advisory - January 2026

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

MiracleLinux 4 : rh-mysql56-mysql-5.6.38-1.AXS4 (AXSA:2017-2426:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2426:02 advisory. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Upda...

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities...

Fedora 43 : musescore (2026-afe4be8cb3)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-afe4be8cb3 advisory. This update adds a patch to fix CVE-2025-56225, a flaw in the bundled version of fluidsynth. Tenable has extracted the preceding description block directly...

CVE-2021-41135

The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...

CVE-2022-23627

ArchiSteamFarm ASF is a C application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn't adequately verify effective access of the user sending proxy i.e. Bots commands. In particular, a...

CVE-2021-41228

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...

Linux Distros Unpatched Vulnerability : CVE-2022-50844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Fix type of second parameter in odneditdpmtable callback With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992398)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992398 advisory. In the Linux kernel, the following vulnerability has been resolved: ca8210: fix maclen negative array access This patch fixes a buffer overflow access of skb-data if...

CLSA-2025-1766567499 Fix CVE(s): CVE-2020-1472

SECURITY UPDATE: elevation of privilege vulnerability - debian/patches/CVE-2020-1472.patch: fix vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC - CVE-2020-1472...

Security update for unbound

This update for unbound fixes the following issues: CVE-2025-11411: Fixed domain hijacking due to promiscuous records bsc1252525 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...