590 matches found
CLSA-2026-1769084608 mariadb: Fix of 5 CVEs
Updated to the 10.5.29 tarball - CVE-2025-30722: fix mariadb-dump wrong quoting character by using ' not " and using quoteforequal - CVE-2025-30693: fix incorrect undo logging for indexes on virtual columns by properly encoding/decoding large index IDs in InnoDB undo log records - CVE-2025-21490:...
MiracleLinux 9 : less-590-3.el9_3 (AXSA:2024-7665:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7665:02 advisory. less: missing quoting of shell metacharacters in LESSCLOSE handling CVE-2022-48624 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : fwupd-1.5.9-1.el8.ML.1 (AXSA:2022-2904:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2904:01 advisory. grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CVE-2020-14372 grub2: Use-after-free in rmmod...
MiracleLinux 9 : python3.9-3.9.21-1.el9_5 (AXSA:2024-9439:09)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9439:09 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...
MiracleLinux 8 : grub2-2.02-90.1.0.1.el8 (AXSA:2021-1565:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1565:02 advisory. grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CVE-2020-14372 grub2: Use-after-free in rmmod...
Gearboxcomputers WifiHotSpot code-related vulnerabilities
Gearboxcomputers WifiHotSpot is a virtual router software developed by Gearboxcomputers. Version 1.0.0.0 of WifiHotSpot contains a code vulnerability. This vulnerability stems from the service path in WifiHotSpotService.exe that lacks quotation marks, which may lead to privilege escalation...
Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
Summary The user-provided string repository in the helmv3 manager is appended to the helm registry login command without proper sanitization. Details Adversaries can provide a maliciously crafted Chart.yaml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute...
MiracleLinux 9 : postgresql:16 (AXSA:2025-9703:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9703:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
MiracleLinux 8 : postgresql:12 (AXSA:2025-9814:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9814:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
MiracleLinux 8 : postgresql:15 (AXSA:2025-9712:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9712:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
MiracleLinux 8 : libpq-13.20-1.el8_10 (AXSA:2025-9707:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9707:02 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
MiracleLinux 8 : python39:3.9 (AXSA:2025-11636:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11636:01 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts...
MiracleLinux 7 : postgresql-9.2.24-9.0.5.el7.AXS7 (AXSA:2025-11539:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11539:05 advisory. CVE-2025-1094: fix potential SQL injections allowed by an improper encoding validation in data quoting functions CVEs: CVE-2025-1094 Improper neutralization...
MiracleLinux 8 : postgresql:13 (AXSA:2025-9711:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9711:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
MiracleLinux 9 : libpq-13.20-1.el9_5 (AXSA:2025-9696:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9696:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
MiracleLinux 9 : postgresql:15 (AXSA:2025-9702:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9702:01 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
OESA-2026-1025 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2023-40185
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expecte...
PHP 8.2.x < 8.2.30 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...
PHP 8.5.x < 8.5.1 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...