Fedora 43 : calibre (2026-9cc418c23e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9cc418c23e advisory. Update to 9.6.0. Fixes rhbz2452087 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 43 : pgadmin4 (2026-bef5344f9f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bef5344f9f advisory. Update to pgadmin4-9.13. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2019-25380
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...
PT-2026-8370
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DEST_PORT, or...
PT-2026-8362
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to...
PT-2026-6788
Name of the Vulnerable Software and Affected Versions: calibre versions 9.1.0 and earlier Description: calibre is an e-book manager. A path traversal flaw exists in the EPUB conversion process. A crafted EPUB file can potentially corrupt existing files that the calibre process has write access to...
Security update for kernel-livepatch-MICRO-6-0_Update_9
This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2025:20790-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_9
This update for kernel-livepatch-MICRO-6-0-RT_Update_9 fixes the following issues: - CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685 - CVE-2025-38181: calipso: fix null-ptr-deref in calipso_req_{set,del}attr bsc1246001 - CVE-2025-38498: do_change_type: refuse to operate on...
SUSE-SU-2025:20731-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_9
This update for kernel-livepatch-MICRO-6-0-RT_Update_9 fixes the following issues: - CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685 - CVE-2025-38181: calipso: fix null-ptr-deref in calipso_req_{set,del}attr bsc1246001 - CVE-2025-38498: do_change_type: refuse to operate on...
Security update for kernel-livepatch-MICRO-6-0_Update_9
This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...
SUSE-SU-2025:20765-1 Security update for kernel-livepatch-MICRO-6-0_Update_9
This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030...
SUSE-SU-2025:20646-1 Security update for kernel-livepatch-MICRO-6-0_Update_9
This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept bsc1245218 - CVE-2025-38083: net_sched: prio: fix a race in prio_tune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request bsc1247350 -...
CVE-2024-47942
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system...
CVE-2024-47940
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the curre...
PT-2024-8708 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge SE2024 versions prior to V224.0 Update 9 Description: A vulnerability has been identified that allows an attacker to execute code in the context of the current process by exploiting an out of bounds read past the end of an allocate...
PT-2024-8715 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge SE2024 versions prior to V224.0 Update 9 Description: A DLL hijacking issue has been identified, which could allow an attacker to execute arbitrary code by placing a crafted DLL file on the system. The vulnerability is related to a...
SUSE CVE-2007-4381
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...
PT-2021-21267 · Yellowfin · Yellowfin
Name of the Vulnerable Software and Affected Versions: Yellowfin versions prior to 9.6.1 Description: The issue allows enumeration and download of uploaded images through an Insecure Direct Object Reference vulnerability. This can be exploited by sending a specially crafted HTTP GET request to th...
PT-2021-15283 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Recommendations: For versions prior to 9.1R12,...
Microsoft Exchange Server Input Validation Error Vulnerability
Microsoft Exchange Server is an e-mail service suite from the US company Microsoft. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. An input validation error vulnerability exists in Microsoft Exchange Server. The...