MiracleLinux 9 : protobuf-c-1.3.3-13.el9 (AXSA:2023-6666:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6666:02 advisory. protobuf-c: unsigned integer overflow in parserequiredmember CVE-2022-48468 Tenable has extracted the preceding description block directly from the...

PT-2026-3750

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description A critical authentication issue exists in Fleet Devi...

MiracleLinux 9 : systemd-252-32.el9.ML.1 (AXSA:2024-7968:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7968:01 advisory. systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes CVE-2023-7008 Tenable has extracted the preceding description block...

MiracleLinux 8 : systemd-239-82.el8 (AXSA:2024-8329:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8329:02 advisory. systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes CVE-2023-7008 Tenable has extracted the preceding description block...

MiracleLinux 8 : grub2-2.02-156.el8.ML.1 (AXSA:2024-8448:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8448:04 advisory. grub2: grub2-set-bootflag can be abused by local pseudo-users CVE-2024-1048 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001471 advisory. kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel modul...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001204)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001204 advisory. In the function wmisetie, the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ielen' argument can cause...

MiracleLinux 7 : icedtea-web-1.7.1-2.0.1.el7.AXS7 (AXSA:2019-3964:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3964:01 advisory. icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite CVE-2019-10182 icedtea-web: directory...

MiracleLinux 7 : java-11-openjdk-11.0.1.13-3.el7 (AXSA:2019-3622:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3622:01 advisory. OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-31...

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension. Improper bounds checking in the XkbSetCompatMap function can lead to an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, resulting in memory corruption or a syste...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: perf: armspe: Prevent overflow in PERFIDX2OFF By casting nrpages to unsigned long, an overflow can be avoided when handling large AUX buffer sizes = 2 GiB...

Security Bulletin: Vulnerability in protobuf-c affects IBM Netezza Appliance

Summary The protobuf-c package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2022-48468 Vulnerability Details CVEID:CVE-2022-48468 DESCRIPTION: protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CWE:CWE-190: Integer...

CVE-2025-61686

A security issue was discovered in the react-router/node component of React Router. It is possible for an attacker manipulate an unsigned cookie to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the...

K000159060: Linux kernel vulnerability CVE-2024-56615

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the...

K000159059: Linux kernel vulnerability CVE-2024-56614

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit...

Path Traversal

React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...

CVE-2025-61686

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

CVE-2025-61686

CVE-2025-61686 affects React Router’s file session storage path handling when using createFileSessionStorage() with an unsigned cookie in @react-router/node (and Remix variants). The issue allows a path-traversal-like scenario where a server process with sufficient permissions may attempt to read...

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...