RHEL 9 : libsoup (RHSA-2026:22323)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22323 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

[SECURITY] Fedora 44 Update: libsoup3-3.6.6-8.fc44

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

ROS-20260529-73-0004

The vulnerability of the GNOME Remote Desktop remote desktop service is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures through a specially created RDP packet...

CVE-2026-47274

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

CVE-2026-47274

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

CVE-2026-47274 pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

PT-2026-44087

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

SUSE SLES12 Security Update : openssh (SUSE-SU-2026:2025-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2025-1 advisory. This update for openssh fixes the following issues Tenable has extracted the preceding description block directly from the SUSE security...

Unity Linux 20.1070e Security Update: gnome-shell (UTSA-2026-016740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016740 advisory. An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappea...

Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016654 advisory. autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...

Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016668)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016668 advisory. autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...

gnome-shell bug fix and enhancement update

An update is available for gnome-shell. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Reverting “drm/amd: flush any delayed gfxoff on suspend entry” The commit ab4750332dbe “drm/amdgpu/sdma5.2: add begin/enduse ring callbacks” caused GFXOFF control to be used more heavily. The codepath that was removed from commit...

Astra Linux - уязвимость в yelp, yelp-xsl

A flaw was discovered in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability enables malicious users to input help documents, which may result in the exfiltration of user files to an external environment...

Astra Linux - уязвимость в glib2.0

A issue was discovered in GNOME GLib before version 2.78.5, and also in versions 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus...

Astra Linux - уязвимость в gdk-pixbuf

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw-compressed stream of image data in GIF files, where the lzw minimum code size is equal to 12...

Astra Linux - уязвимость в libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...

Astra Linux - уязвимость в libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of v1.14.52 in the GNOME Project’s G Structured File Library libgsf. A specially crafted file can lead to an integer overflow, allowing for a heap-based buffer overflow when processing the sector...

Astra Linux - уязвимость в glib2.0

A issue was discovered in GNOME GLib before version 2.66.8. When the gfilereplace function is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly creates the target of the symlink as an empty file. This could potentially have security implications ...