Astra Linux - vulnerability in cpio
Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...
Astra Linux - vulnerability in grub2
A flaw was discovered in grub2, where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its contents. This represents a minor confidentiality issue, as those users could potentially access any encrypted passwords contained i...
CLSA-2026-1777307149 libarchive: Fix of CVE-2021-31566
CVE-2021-31566: extend backport with upstream 8a1bd5c and ede459d2 to close the trailing-slash variant of the fixup-list symlink-follow attack...
Fedora 44 : forgejo (2026-a02182de40)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a02182de40 advisory. This is an upstream bug and security fix release. Please view the upstream release notes for more details. Tenable has extracted the preceding description...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002608 advisory. Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying...
Fedora 43 : docker-buildkit (2025-94f9b9b1b1)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-94f9b9b1b1 advisory. - Update to release v0.26.3 - Resolves CVE-2024-25621: rhbz2419004, rhbz2419033, rhbz2419427 - Upstream fix Tenable has extracted the preceding...
Fedora 43 : suricata (2025-a366512b23)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a366512b23 advisory. Upstream security/bugfix release. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 42 : suricata (2025-0490389cb0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0490389cb0 advisory. upstream bugfix/security release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 43 : forgejo (2025-45da53cabc)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-45da53cabc advisory. This is an upstream bug and security fix release. Please view the upstream release notes for more details. Tenable has extracted the preceding description...
Fedora 43 : suricata (2025-00748128e3)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-00748128e3 advisory. Upstream security and bugfix release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Fedora 41 : cri-o1.31 (2025-09e80a938d)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-09e80a938d advisory. - Update to release v1.31.13 - Resolves: rhbz2333357, rhbz2398406, rhbz2398661, rhbz2399063, rhbz2399337 - Upstream fix Tenable has extracted the...
EUVD-2022-34961
Malicious code in bioql PyPI...
Fedora 42 : forgejo (2025-bac4da5419)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-bac4da5419 advisory. This is an upstream security and bugfix release. Please refer to the upstream release notes for versions 12.0.2 and 12.0.3 for details about changes...
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
...
Fedora: Security Advisory (FEDORA-2025-a1ec5a674c)
The remote host is missing an update for the...
Fedora 42 : kubernetes1.31 (2025-d78e6ddfe3)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d78e6ddfe3 advisory. - Update to release v1.31.12 - Resolves: rhbz2388412 - Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fix Tenabl...
Fedora 41 : kubernetes1.31 (2025-a1ec5a674c)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a1ec5a674c advisory. - Update to release v1.31.12 - Resolves: rhbz2388412 - Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fix Tenabl...
CVE-2025-52194
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...
Linux Distros Unpatched Vulnerability : CVE-2018-1000204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to...
crossbeam-channel Vulnerable to Double Free on Drop
The internal Channel type's Drop method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption. Quoting from the upstream description in merge request #1187: The problem lies in the fact that discard_all_messages contained two paths that could le...