RHEL 9 : kernel (RHSA-2026:25218)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25218 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: use dstdevrcu in...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-2272)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 Tenable has...

RHEL 9 : rhc (RHSA-2026:24337)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24337 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

CVE-2026-45854

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto (CVE-2025-14813, CVE-2026-5598)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto CVE-2025-14813, CVE-2026-5598. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...

RHEL 8 : kpatch-patch-4_18_0-372_137_1, kpatch-patch-4_18_0-372_145_1, kpatch-patch-4_18_0-372_158_1, kpatch-patch-4_18_0-372_170_1, and kpatch-patch-4_18_0-372_181_1 (RHSA-2026:16111)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16111 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

RHCOS 4 / 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)

The remote Red Hat Enterprise Linux CoreOS 4 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. - golang.org/x/crypto: empty plaintext packet causes panic CVE-2021-43565 - golang: net/http: improper sanitization of...

SUSE CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181

Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...

Moderate: delve security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. Patch Instructions: To install this SUSE update use the...

kernel security update

3.10.0-1160.119.1.0.15 - Bluetooth: L2CAP: fix use-after-free in l2capconndel CVE-2022-3640 Orabug: 38742878 - Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput Orabug: 38742878 - Bluetooth: L2CAP: Fix user-after-free CVE-2022-50386 Orabug: 38742878 - wifi: brcmfmac: fix use-after-free...

CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...

@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +576 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)

sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: OSV:GHSA-HPWG-XG7M-3P6M...

@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +576 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)

sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: SNYK:JS-SMCRYPTO-15054484...

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23967 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

@arkxos/arkos-app-gateway-manage (=0.1.0), @arkxos/arkos-app-system (>=0.1.0 <=0.1.1) +81 more potentially affected by CVE-2026-23967 via sm-crypto (>=0.0.9 <=0.3.13)

sm-crypto NPM version =0.0.9, =0.1.0, =1.0.30, =0.1.26, =1.0.0, =1.0.0, =1.0.9, =1.0.1, =1.1.1, =3.0.0, =4.0.0, =4.3.0 and more Source cves: CVE-2026-23967 Source advisory: OSV:GHSA-QV7W-V773-3XQM...

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23966 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...