MiracleLinux 8 : postgresql:10 (AXSA:2021-2311:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2311:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...

SUSE CVE-2025-71143

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 "clk: Annotate struct clkhwonecelldata with countedby" annotated the hws member of 'struct clkhwonecelldata' with countedby, which informs the...

CLSA-2026-1768580474 php: Fix of CVE-2025-14178

CVE-2025-14178: fix integer overflow in arraymerge to prevent potential denial of service when merging arrays with total elements exceeding HTMAXSIZE...

CLSA-2026-1768663754 kernel: Fix of 38 CVEs

ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 CVE-2025-38249 - drm/i915/gt: Fix timeline left held on VMA alloc error CVE-2025-38389 - md/raid1: Fix stack memory use after return in raid1reshape CVE-2025-38445 - atm: clip: Fix infinite recursive call of clippush...

SUSE CVE-2025-71136

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842cplogstatus It's possible for cpread and hdmiread to return -EIO. Those values are further used as indexes for accessing arrays. Fix that by checking return...

OESA-2026-1124 libpng security update

The libpng package contains libraries used by other programs for reading and writing PNG format files. The PNG format was designed as a replacement for GIF and, to a lesser extent, TIFF, with many improvements and extensions and lack of patent problems. Security Fixes: LIBPNG is a reference libra...

drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer

...

um: init cpu_tasks[] earlier

...

media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()

...

SUSE CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR's NDR array reader does not perform bounds checking on the on-wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004229)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004229 advisory. An array overflow was discovered in mt76addfragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003934)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003934 advisory. An array overflow was discovered in mt76addfragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.222.b10-0.el7 (AXSA:2019-3939:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3939:04 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000960)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000960 advisory. Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGHIDMULTITOUCH is...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000859 advisory. The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collectio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003675 advisory. Memory leak in the hwsimnewradionl function in drivers/net/wireless/mac80211hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of servic...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001469)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001469 advisory. An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...

MiracleLinux 4 : firefox-60.2.2-1.0.1.AXS4 (AXSA:2018-3355:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3355:07 advisory. Mozilla: type confusion in JavaScript CVE-2018-12386 Mozilla: stack out-of-bounds read in Array.prototype.push CVE-2018-12387 Tenable has extracted...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4 (AXSA:2019-3940:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3940:03 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer...