RockyLinux 10 : yggdrasil (RLSA-2026:19126)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19126 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 ke...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2195-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2195-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: -...

PT-2026-46078

Name of the Vulnerable Software and Affected Versions Net::Async::Statsd::Client versions prior to 0.006 Description Net::Async::Statsd::Client for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted...

RockyLinux 10 : podman (RLSA-2026:19017)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19017 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denia...

RockyLinux 10 : skopeo (RLSA-2026:19031)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19031 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

AlmaLinux 9 : .NET 9.0 (ALSA-2026:21296)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21296 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

DEBIAN-CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507

CVE-2026-42507 affects the Go net/textproto package. The root issue is that error returns include user-controlled input as part of the error string, which could allow an attacker to inject misleading content into errors that are printed or logged. The connected sources confirm this behavior acros...

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

Improper Output Neutralization for Logs

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...

GO-2026-5039 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

OPENSUSE-SU-2026:20893-1 Security update for cloudflared

This update for cloudflared fixes the following issues: Changes in cloudflared: - Update version to 2026.5.2 Add more information to proxy-dns removal message Update tail command to use /management/logs endpoint Add cloudflared management token command Fix bugs Update golang.org/x/net to 0.55.0...

CVE-2026-0611

Summary: CVE-2026-0611 affects Spacelabs Healthcare Sentinel 10.5.x and higher and Sentinel 11.x.x prior to 11.6.0. A deprecated .NET Remoting HTTP channel exposed on port 8989 allows unauthenticated remote code execution by supplying valid .NET URI endpoints, enabling arbitrary file read/write a...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

OPENSUSE-SU-2026:20888-1 Security update for apptainer

This update for apptainer fixes the following issues: Changes in apptainer: - CVE-2026-39821: Update golang.org/x/net to 0.55.0. bsc1266656 - Add improved handling of suid-starter: Add system group apptainer Make sure, only users belonging to this group are able to run the application. Document...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-68310: s390/pci: Use pciueventers in PCI recovery bsc1255160. CVE-2025-71183: btrfs: always detect...