SUSE-SU-2026:20019-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1244325...

SUSE-SU-2026:20014-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1244325...

Linux Distros Unpatched Vulnerability : CVE-2023-54172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking IBT, Hyper-V VMs with ConfigVersion 9.3 o...

Linux Distros Unpatched Vulnerability : CVE-2023-54233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then...

Linux Distros Unpatched Vulnerability : CVE-2023-54078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: max9286: Free control handler The control handler is leaked in some probe-time error paths, as well as in the remove path. Fix it. CVE-2023-54078 Note th...

Linux Distros Unpatched Vulnerability : CVE-2023-54063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Fix OOB read in indxinsertintobuffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of- bounds in indxinsertintobuffer+0xaa3/0x13b0...

Linux Distros Unpatched Vulnerability : CVE-2022-50744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: lpfc: Fix hard lockup when reading the rxmonitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup simil...

Linux Distros Unpatched Vulnerability : CVE-2025-14424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

Linux Distros Unpatched Vulnerability : CVE-2025-68724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary bl...

Linux Distros Unpatched Vulnerability : CVE-2023-54048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/bnxtre: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any...

Linux Distros Unpatched Vulnerability : CVE-2023-54030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenar...

Linux Distros Unpatched Vulnerability : CVE-2025-14860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1. CVE-2025-14860 Note that Nessus relies on the presence ...

Linux Distros Unpatched Vulnerability : CVE-2025-14956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file...

Linux Distros Unpatched Vulnerability : CVE-2025-68461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document. CVE-2025-6846...

Linux Distros Unpatched Vulnerability : CVE-2025-63757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow vulnerability in the yuv2ya16Xctemplate function in libswscale/output.c in FFmpeg 8.0. CVE-2025-63757 Note that Nessus relies on the presence o...

Linux Distros Unpatched Vulnerability : CVE-2025-68168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit was not properly initializing TxBlock0.waitor waitqueue...

Linux Distros Unpatched Vulnerability : CVE-2025-68202

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Fix unsafe locking in the scxdumpstate For built with CONFIGPREEMPTRT=y kernels, the dumplock will be converted sleepable spinlock and not disable-ir...

Linux Distros Unpatched Vulnerability : CVE-2025-67724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers...

Linux Distros Unpatched Vulnerability : CVE-2024-38798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2 contains a vulnerability in BIOS where an attacker may cause Exposure of Sensitive Information to an Unauthorized Actor by local access. Successful...

Linux Distros Unpatched Vulnerability : CVE-2023-53816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon...