SUSE SLED15 / SLES15 Security Update : libsndfile (SUSE-SU-2026:1968-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1968-1 advisory. This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007441)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007441 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC heade...

RHEL 9 : postgresql:15 (RHSA-2026:4254)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4254 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL oidvector discloses a fe...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003949)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003949 advisory. In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003605 advisory. In the Linux kernel before 5.0.3, a memory leak exits in hsrdevfinalize in net/hsr/hsrdevice.c if hsraddport fails to add a port, which may cause denial of service,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002799)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002799 advisory. A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instructio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002179)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002179 advisory. arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial o...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001685)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001685 advisory. In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array...

GHSA-JHJH-HCM6-MRCC vulnerabilities

Vulnerabilities for packages: linux-aws, linux-gcp, linux-azure...

TencentOS Server 4: perl (TSSA-2024:0301)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0301 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.9.20251110 or dnf update --advisory...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990533)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990533 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfcrcvpadisc The call to lpfcsli4resumerpi in...

TencentOS Server 3: cups (TSSA-2025:0807)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0807 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RockyLinux 9 : ncurses (RLSA-2025:12876)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:12876 advisory. ncurses: segfaulting OOB read CVE-2022-29458 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Ness...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1170)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1170 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in addmissingindices CVE-2025-38204 In the Linux kernel, the following vulnerability...

TencentOS Server 3: redis:6 (TSSA-2025:0697)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0697 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

GLSA-202508-05 : Spreadsheet-ParseExcel: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202508-05 Spreadsheet-ParseExcel: Arbitrary Code Execution A vulnerability has been discovered in Spreadsheet::ParseExcel. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding...

Oracle Linux 9 : ncurses (ELSA-2025-12876)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12876 advisory. 6.2-10.20210508.el96.2 - remove execute permissions from ANNOUNCE file RHEL-102738 6.2-10.20210508.el96.1 - guard against corrupt terminfo data in string...

GLSA-202506-12 : sysstat: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202506-12 sysstat: Arbitrary Code Execution A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an incomplete fix for CVE-2022-39377. Tenable has...

Amazon Linux 2 : screen (ALAS-2025-2878)

The version of screen installed on the remote host is prior to 4.1.0-0.27.20120314git3c2946. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2878 advisory. TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach...