MiracleLinux 8 : xorg-x11-server-1.20.11-28.el8_10.2 (AXSA:2026-803:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-803:05 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Linux Distros Unpatched Vulnerability : CVE-2026-46289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/scatterlist: fix length calculations in extractkvectosg Patch series Fix bugs in extractitertosg, v3. Fix bugs in the kvec and user variants of...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a backport of patch ea52cb24cd3f. This patch improperly handled the hugetlb VMA lock allocation,...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-22112)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22112 advisory. delve 1.25.2-1.0.1 golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586 Tenable...

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

go-toolset:ol8 security update

delve golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586...

CLSA-2026-1779535502 unbound: Fix of CVE-2026-33278

CVE-2026-33278: possible remote code execution during DNSSEC validation via a dangling rrsets pointer in dnsmsgdeepcopyregion exposed by the backported KeyTrap mitigation...

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

gdk-pixbuf2 security update

2.36.12-3.0.3 - Backport fixes for CVE-2026-5201 Orabug: 39288631 2.36.12-3.0.1 - jpeg: Be more careful with chunked icc data Orabug: 38359772CVE-2025-7345...

Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

Linux Distros Unpatched Vulnerability : CVE-2026-33243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a...

CVE-2025-68670: discovering an RCE vulnerability in xrdp

In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the...

libsoup security update

2.72.0-12.6 - Backport patch for CVE-2026-5119...

CLSA-2026-1777541282 glib2: Fix of 2 CVEs

CVE-2023-29499: fix GVariant offset table entry size which is not checked in isnormal. - CVE-2023-32636: remediate GVariant deserialisation timeout regression introduced by the CVE-2023-29499 fix. - Backported upstream MR 3126 22 commits from centos8.5els...

CLSA-2026-1777446517 squid: Fix of 3 CVEs

CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...

Oracle Linux 8 : gdk-pixbuf2 (ELSA-2026-10741)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-10741 advisory. - Backport fixes for CVE-2026-5201 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50239)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50239 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...

Fedora 43 : python-cbor2 (2026-cd0bb7ac34)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cd0bb7ac34 advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 43 : mingw-LibRaw (2026-635a001215)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-635a001215 advisory. Backport patch for CVE-2026-20884. ---- Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 ---- Update to libraw-0.21.5...

Oracle Linux 10 : freerdp (ELSA-2026-6799)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6799 advisory. 2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes...