MiracleLinux 8 : xorg-x11-server-1.20.11-28.el8_10.2 (AXSA:2026-803:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-803:05 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a backport of patch ea52cb24cd3f. This patch improperly handled the hugetlb VMA lock allocation,...

Linux Distros Unpatched Vulnerability : CVE-2026-46289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/scatterlist: fix length calculations in extractkvectosg Patch series Fix bugs in extractitertosg, v3. Fix bugs in the kvec and user variants of...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-22112)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22112 advisory. delve 1.25.2-1.0.1 golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586 Tenable...

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

go-toolset:ol8 security update

delve golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586...

CLSA-2026-1779535502 unbound: Fix of CVE-2026-33278

CVE-2026-33278: possible remote code execution during DNSSEC validation via a dangling rrsets pointer in dnsmsgdeepcopyregion exposed by the backported KeyTrap mitigation...

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

gdk-pixbuf2 security update

2.36.12-3.0.3 - Backport fixes for CVE-2026-5201 Orabug: 39288631 2.36.12-3.0.1 - jpeg: Be more careful with chunked icc data Orabug: 38359772CVE-2025-7345...

Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

Linux Distros Unpatched Vulnerability : CVE-2026-33243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a...

CVE-2025-68670: discovering an RCE vulnerability in xrdp

In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the...

libsoup security update

2.72.0-12.6 - Backport patch for CVE-2026-5119...

CLSA-2026-1777541282 glib2: Fix of 2 CVEs

CVE-2023-29499: fix GVariant offset table entry size which is not checked in isnormal. - CVE-2023-32636: remediate GVariant deserialisation timeout regression introduced by the CVE-2023-29499 fix. - Backported upstream MR 3126 22 commits from centos8.5els...

CLSA-2026-1777446517 squid: Fix of 3 CVEs

CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...

Oracle Linux 8 : gdk-pixbuf2 (ELSA-2026-10741)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-10741 advisory. - Backport fixes for CVE-2026-5201 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50239)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50239 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...

Fedora 43 : python-cbor2 (2026-cd0bb7ac34)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cd0bb7ac34 advisory. Backport upstream patch for CVE-2025-64076 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 43 : mingw-LibRaw (2026-635a001215)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-635a001215 advisory. Backport patch for CVE-2026-20884. ---- Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 ---- Update to libraw-0.21.5...

Oracle Linux 10 : freerdp (ELSA-2026-6799)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6799 advisory. 2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes...