Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz, which is vulnerable to CVE-2025-65945.
Summary: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz, which is vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2025-65945. DESCRIPTION: auth0/node-jws is a JSON Web Signature...
Security update for java-25-openjdk
This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.2+10 (January 2026 CPU). Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). CVE-2026-21933: Fixed Oracle...
SUSE-SU-2026:20391-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes one security issue. The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsgsize() (bsc#1249241). The following non-security issue was fixed: - fix addr_bit_set() issue on big-endian machines bsc12569...
SUSE-SU-2026:20389-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise kernel 6.4.0-31.1 fixes one security issue. The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsgsize() (bsc#1249241). The following non-security issue was fixed: - fix addr_bit_set() issue on big-endian machines bsc12569...
Security update for container-suseconnect
This update for container-suseconnect rebuilds it against the current Go security release. Patch Instructions: To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:...
CVE-2026-22264 Suricata detect/alert: heap-use-after-free on alert queue expansion
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their January 2026 Critical Patch Update. For more information please refer to Oracle's January 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...
BIT-PYTHON-MIN-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability
Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37992)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37992 advisory. - In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37765)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37765 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddele...
SUSE-SU-2026:0204-1 Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.73 fixes various security issues. The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-tim...
Oracle Linux 9 : gimp (ELSA-2026-0914)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0914 advisory. - fix CVE-2025-14422 - fix CVE-2025-14423 - fix CVE-2025-14424 - fix CVE-2025-14425 - fix CVE-2025-10920 - fix CVE-2025-10921 - fix CVE-2025-10922 - fi...
Oracle Solaris Critical Patch Update : jan2026_SRU11_4_88_207_01
The version of Solaris installed on the remote host is prior to 11.4.88.207.01. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11jan2026SRU1148820701 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...
ROOT-OS-DEBIAN-12-CVE-2025-50422 CVE-2025-50422 in rootio-cairo - Patched by Root
Root has patched CVE-2025-50422 in the rootio-cairo package for Root:Debian:12. Multiple fixed versions available...
Oracle Critical Patch Update Advisory - January 2026
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
MiracleLinux 4 : rh-mysql56-mysql-5.6.38-1.AXS4 (AXSA:2017-2426:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2426:02 advisory. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Upda...
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities...
Fedora 43 : musescore (2026-afe4be8cb3)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-afe4be8cb3 advisory. This update adds a patch to fix CVE-2025-56225, a flaw in the bundled version of fluidsynth. Tenable has extracted the preceding description block directly...
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...