org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-22709 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

SmartDNS security vulnerability

SmartDNS is a local-running DNS server developed by Nick Peng. Versions of SmartDNS prior to 47.1 contained a security vulnerability, which was caused by a stack buffer overflow in the SVBC record resolver...

AZL-75207 CVE-2026-24401 affecting package avahi for versions less than 0.8-7

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

CVE-2026-24401 Avahi has Uncontrolled Recursion in lookup_handle_cname function

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

OESA-2026-1199 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

Azure Linux 3.0 Security Update: bind (CVE-2024-12705)

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12705 advisory. - Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted...

Azure Linux 3.0 Security Update: fluent-bit (CVE-2025-31498)

The version of fluent-bit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-31498 advisory. - c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in...

MiracleLinux 8 : nginx:1.20 (AXSA:2022-3028:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3028:01 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding descripti...

MiracleLinux 8 : bind-9.11.36-3.el8 (AXSA:2022-3460:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3460:02 advisory. bind: Lame cache can be abused to severely degrade resolver performance CVE-2021-25219 Tenable has extracted the preceding description block directly from th...

MiracleLinux 9 : bind-9.16.23-11.el9 (AXSA:2023-5457:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5457:04 advisory. bind: processing large delegations may severely degrade resolver performance CVE-2022-2795 bind: flooding with UPDATE requests may lead to DoS...

MiracleLinux 8 : bind-9.11.36-8.el8 (AXSA:2023-5855:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5855:05 advisory. bind: processing large delegations may severely degrade resolver performance CVE-2022-2795 Tenable has extracted the preceding description block directly fro...

EUVD-2026-2855

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

MiracleLinux 7 : bind-9.9.4-51.2.0.1.el7.AXS7 (AXSA:2018-2550:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2550:01 advisory. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A...

MiracleLinux 7 : glibc-2.17-222.el7 (AXSA:2018-2926:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2926:01 advisory. glibc: realpath buffer underflow when getcwd returns relative path allows privilege escalation CVE-2018-1000001 glibc: Buffer overflow in glob with...

CVE-2026-0915

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

CVE-2026-0915

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

CVE-2026-0915 getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

CVE-2026-0915 getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2026-1060)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver

A flaw was found in the Linux kernel’s phylink subsystem: when phylinkresolve executes while pl-statemutex is held, it may acquire pl-phydev-lock out of order relative to other paths phylinkbringupphy or phylinkdisconnectphy that acquire pl-phydev-lock prior to pl-statemutex. This lock inversion...