MiracleLinux 9 : podman-4.9.4-4.el9_4 (AXSA:2024-8285:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8285:05 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

MiracleLinux 9 : buildah-1.33.7-2.el9_4 (AXSA:2024-8286:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8286:05 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 jose-go: improper handling of highly compressed data CVE-2024-28180...

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

RHEL 10 : kernel (RHSA-2026:0747)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0747 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Use local fence in...

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery

This module exploits an unauthenticated remote code execution RCE vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an attacker ...

MiracleLinux 7 : wpa_supplicant-2.6-12.el7 (AXSA:2019-3663:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3663:01 advisory. wpasupplicant: Unauthenticated EAPOL-Key decryption in wpasupplicant CVE-2018-14526 Tenable has extracted the preceding description block directly from the...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2026-1034)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2026-1076)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1091)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : net: drop UFO packets in udprcvsegmentCVE-2025-38622 A transient execution vulnerability in some AMD processors may allow an attacker to infer dat...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : kernel-rt (RHSA-2026:0534)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0534 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

EUVD-2026-1874

RustCrypto Has Insufficient Length Validation in decrypt in SM2-PKE...

GHSA-J9XQ-69PF-PCM8 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tls: Wait for pending async decryption if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb, in order to hold references to the memory it uses. If we fail to allocate that clone,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv – The ssizei check is moved to the beginning of essivaeadcrypt, so it is also checked for decryption and in-place encryption operations...

MiracleLinux 9 : kernel-5.14.0-611.16.1.el9_7 (AXSA:2025-11625:100)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11625:100 advisory. kernel: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns CVE-2025-38499 kernel: iommufd: Fix race during abort for file...

Oracle Linux 10 : kernel (ELSA-2026-0453)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0453 advisory. - usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths CKI Backport Bot RHEL-137150 CVE-2025-68287 - drm/vmwgfx: Validate...

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...