Fedora 43 : rubygem-yard (2026-2d0a32ddc0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2d0a32ddc0 advisory. Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 43 : python-starlette (2026-e0f378428e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e0f378428e advisory. Backport fix for CVE-2026-48710 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 44 : python-starlette (2026-3bce8d3f11)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3bce8d3f11 advisory. Backport fix for CVE-2026-48710 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 44 : haveged (2026-12643837bd)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-12643837bd advisory. Backport fix for CVE-2026-41054: privilege escalation via command socket Tenable has extracted the preceding description block directly from the Fedora...

SUSE CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

Fedora 44 : rrdtool (2026-87a8048005)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-87a8048005 advisory. This is an update backporting some safety checks from the rrdtool-1.10.0. Tenable has extracted the preceding description block directly from the Fedora...

UBUNTU-CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

PT-2026-43866

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An unsigned underflow exists in the z erofs lz4 handle overlap function within the erofs component. Specifically, crafted images containing illegal extents where !partial decoding is true a...

Linux Distros Unpatched Vulnerability : CVE-2026-45999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpag...

Fedora 42 : rrdtool (2026-93281f2f96)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-93281f2f96 advisory. This is an update backporting some safety checks from the rrdtool-1.10.0. Tenable has extracted the preceding description block directly from the Fedora...

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 Vulnerability Scanning and Verific...

CLSA-2026-1779697425 postgresql: Fix of CVE-2026-6478

CVE-2026-6478: backport upstream prerequisite that introduces the timingsafebcmp constant-time memory comparison helper, then apply it to SCRAM and MD5 authentication paths that previously used memcmp or strcmp on password hashes, computed keys, and SCRAM nonces, to prevent timing-side-channel...

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

Oracle Linux 7 : gdk-pixbuf2 (ELSA-2026-12114)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-12114 advisory. - Backport fixes for CVE-2026-5201 Orabug: 39288631 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CLSA-2026-1777976277 Fix CVE(s): CVE-2022-24834

SECURITY UPDATE: Integer overflow in Lua cmsgpack library - debian/patches/CVE-2022-24834.patch: partial backport hardening deps/lua/src/luacmsgpack.c against integer overflows in mpbufappend and the encode/decode helpers cmsgpack-only; the cjson half of the upstream fix is dead code under...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: xfs: Do not propagate ENODATA disk errors into the xattr code. ENODATA also known as ENOATTR has a very specific meaning in the xfs xattr code: it indicates that the requested attribute name could not be found. However, a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed an incomplete backport in cfidsinvalidationworker The previous commit bdb596ceb4b7 "smb: client: fixed a potential UAF in smb2closecachedfid" was an incomplete backport. It also missed one krefput call in...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path The commit 7c75bde329d7 “usb: musb: musbdsps: requestirq after initializing musb” has corrected the calls to dspssetupoptionalvbusirq and dspscreatemusbpdev, but it did not update the err...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: lib/buildid: Use kernelread for the sleepable context. A bug has been prevented: “BUG: Unable to handle a NULL pointer dereferencing in filemapreadfolio.” For the sleepable context, change freader to use kernelread instead of...

Astra Linux - уязвимость в heimdal

The fix for CVE-2022-3437 involved changing the memcmp function to run in constant time, as well as providing a workaround for a compiler bug by adding comparisons of the result with the value “!= 0” to the memcmp function. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0...