MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2022-3591:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3591:01 advisory. modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786 modauthopenidc: hardcoded static IV and AAD with a reused key in AES GCM...

MiracleLinux 8 : linux-firmware-20240610-122.git90df68d2.el8_10 (AXSA:2024-8543:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8543:07 advisory. kernel: Reserved fields in guest message responses may not be zero initialized CVE-2023-31346 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : cloud-init-23.1.1-10.el8.ML.1 (AXSA:2023-7278:09)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7278:09 advisory. cloud-init: sensitive data could be exposed in logs CVE-2023-1786 Tenable has extracted the preceding description block directly from the MiracleLinux securi...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

SUSE CVE-2025-71115

In the Linux kernel, the following vulnerability has been resolved: um: init cputasks earlier This is currently done in umlfinishsetup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in checkkcovmode...

ROS-20260119-7335

A vulnerability in the net/bluetooth/l2capsock.c component of the Linux operating system kernel is related to memory initialization errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CLSA-2026-1768663754 kernel: Fix of 38 CVEs

ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 CVE-2025-38249 - drm/i915/gt: Fix timeline left held on VMA alloc error CVE-2025-38389 - md/raid1: Fix stack memory use after return in raid1reshape CVE-2025-38445 - atm: clip: Fix infinite recursive call of clippush...

CVE-2026-21913

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager IDM of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On EX4000 models with 48 ports EX4000-48T, EX4000-48P, EX4000-48MP a high volu...

OESA-2026-1074 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the...

crypto: af_alg - zero initialize memory allocated via sock_kmalloc

...

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

...

um: init cpu_tasks[] earlier

...

SUSE CVE-2025-71113

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests allocated with sockkmalloc were left uninitialized, relying on callers to set fields explicitly. This resulted in the...

MiracleLinux 4 : rh-postgresql94-postgresql-9.4.14-2.AXS4 (AXSA:2017-2465:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2465:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 7 : rh-postgresql94-postgresql-9.4.14-2.el7 (AXSA:2017-2466:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2466:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 7 : sssd-1.13.0-40.el7 (AXSA:2015-829:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-829:03 advisory. Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001542)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001542 advisory. The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too fa...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001094)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001094 advisory. Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of...

MiracleLinux 4 : httpd24-httpd-2.4.25-9.AXS4.1 (AXSA:2017-2175:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2175:02 advisory. It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000642 advisory. The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to...