RHEL 9 : buildah (RHSA-2026:25252)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25252 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-2291)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the...

RHEL 10 : osbuild-composer (RHSA-2026:22450)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22450 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

TencentOS Server 3: grafana-pcp (TSSA-2026:0383)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0383 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RHEL 9 : containernetworking-plugins (RHSA-2026:18913)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18913 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network...

RHEL 10 : podman (RHSA-2026:17040)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17040 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

AlmaLinux 9 : image-builder (ALSA-2026:3839)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3839 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RockyLinux 10 : delve (RLSA-2026:8842)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8842 advisory. crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-27137 net/url: Incorrect parsing of IPv6 host literals in net/url...

Important: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : grafana (RHSA-2026:8860)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8860 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/url: Incorrect...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-102 (ALASECS-2026-102)

"The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-102 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...

Amazon Linux 2023 : runc (ALAS2023-2026-1541)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1541 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

RHEL 9 : osbuild-composer (RHSA-2026:5544)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5544 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

Amazon Linux 2 : golang, --advisory ALAS2-2026-3203 (ALAS-2026-3203)

The version of golang installed on the remote host is prior to 1.25.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3203 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...

RHEL 10 : rhc-worker-playbook (RHSA-2026:3970)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3970 advisory. A worker for yggdrasil that receives Ansible playbooks and executes them against the local host. Security Fixes: crypto/x509: golang: Denia...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...