CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

bind security update

9.16.23-34.0.1.el97.2 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.2 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes...

PT-2026-31761

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

Security update for xen

This update for xen fixes the following issues: Security fixes: CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 CVE-2025-58149: Fixed incorrect removal od permissions on PCI device...

MiracleLinux 9 : ghostscript-9.54.0-10.el9 (AXSA:2023-6481:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6481:03 advisory. ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices CVE-2023-36664 Tenable has extracted the preceding...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2026:0012-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0012-1 advisory. Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when...

bind security update

32:9.16.23-34.0.1.1 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes with upstream changes - Address various spoofing attacks CVE-2025-40778 32:9.16.23-34 - Fix failures in idn...

bind security update

9.16.23-31.0.1 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-31.2 - Replace downstream fixes with upstream changes 32:9.16.23-31.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778...

Fedora 43 : xen (2025-22fd93478b)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-22fd93478b advisory. Incorrect removal of permissions on PCI device unplug XSA-476, CVE-2025-58149 ---- x86: Incorrect input sanitisation in Viridian hypercalls XSA-475,...

EUVD-2000-0268

Malware in sbrugna...

EUVD-2008-0254

Malware in sbrugna...

EUVD-2007-1186

Malware in sbrugna...

EUVD-2005-1402

Malware in sbrugna...

EUVD-2023-46267

Malicious code in bioql PyPI...

EUVD-2022-34881

Malicious code in bioql PyPI...

EUVD-2021-7698

Malicious code in bioql PyPI...

EUVD-2022-44205

Malicious code in bioql PyPI...

CVE-2022-20925

A vulnerability in the web management interface of the Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...

CentOS 7 : firefox (RHSA-2022:6711)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6711 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This...