CVE-2026-22264

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005182)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005182 advisory. In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: In the xskmapdeleteelem function an...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005193 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also...

Suricata resource management error vulnerability

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.3 and 7.0.14 contained a resource management vulnerability. This vulnerability stemmed from an unsigned integer overflow that could occur when generating too man...

CVE-2026-23992

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

CVE-2026-23992

CVE-2026-23992 concerns go-tuf prior to 2.3.1 where a compromised or misconfigured TUF repository can set the signature threshold to 0, effectively bypassing signature verification and allowing unauthorized modification of TUF metadata at rest or in transit (no integrity checks). The issue is lin...

CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

Azure Linux 3.0 Security Update: shim-unsigned-aarch64 (CVE-2019-14584)

The version of shim-unsigned-aarch64 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-14584 advisory. - Null pointer dereference in Tianocore EDK2 May allow an authenticated user to potentially...

📄 Malwarebytes Anti-Malware 2.x Privilege Escalation

This advisory hosts useful analysis of older research from 2016, when Google's Project Zero discovered multiple security issues in MalwareBytes Anti-Malware version 2.x. The software suffered from a combination of security flaws that allowed attackers to remotely tamper with...

UBUNTU-CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

MiracleLinux 9 : systemd-252-32.el9.ML.1 (AXSA:2024-7968:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7968:01 advisory. systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes CVE-2023-7008 Tenable has extracted the preceding description block...

MiracleLinux 8 : grub2-2.02-156.el8.ML.1 (AXSA:2024-8448:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8448:04 advisory. grub2: grub2-set-bootflag can be abused by local pseudo-users CVE-2024-1048 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code...

MiracleLinux 8 : systemd-239-82.el8 (AXSA:2024-8329:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8329:02 advisory. systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes CVE-2023-7008 Tenable has extracted the preceding description block...

PT-2026-3750

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description A critical authentication issue exists in Fleet Devi...

MiracleLinux 9 : protobuf-c-1.3.3-13.el9 (AXSA:2023-6666:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6666:02 advisory. protobuf-c: unsigned integer overflow in parserequiredmember CVE-2022-48468 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : icedtea-web-1.7.1-2.0.1.el7.AXS7 (AXSA:2019-3964:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3964:01 advisory. icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite CVE-2019-10182 icedtea-web: directory...

MiracleLinux 7 : java-11-openjdk-11.0.1.13-3.el7 (AXSA:2019-3622:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3622:01 advisory. OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-31...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001471 advisory. kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel modul...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001204)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001204 advisory. In the function wmisetie, the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ielen' argument can cause...

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension. Improper bounds checking in the XkbSetCompatMap function can lead to an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, resulting in memory corruption or a syste...