Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-4de4d247a0)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-4de4d247a0 advisory. nginx-mod-brotli: - Rebuild for 1.28.3 nginx-mod-fancyindex: - Rebuild for 1.28.3 nginx-mod-naxsi: - Rebuild for 1.28.3 nginx-mod-headers-more: -...

Linux Distros Unpatched Vulnerability : CVE-2026-31687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpio: omap: do not register driver in probe Commit 11a78b794496 ARM: OMAP: MPUIO wake updates registers the omapmpuiodriver from omapmpuioinit, which is called...

Linux Distros Unpatched Vulnerability : CVE-2026-31573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing...

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

CLSA-2026-1777396606 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...

MINI-PWR9-8W5F-H2MG

Bulletin has no description...

CLSA-2026-1777366733 python3: Fix of CVE-2026-1299

CVE-2026-1299: reject newline injection in email module's BytesGenerator when serializing headers - Skip test.testxmletree.XMLPullParserTest.testsimplexml during RPM build; unrelated expat-2.1.0-15.0.7.tuxcare.els1 regression breaks XMLPullParser chunked-feed semantics in TuxCare ELS el7 build...

MINI-CVM8-V5R3-C6X6

Bulletin has no description...

RLSA-2026:10745 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ProFTPD SQL注入漏洞

ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions of ProFTPD prior to 1.3.10rc1 contained a SQL injection vulnerability. This vulnerability originated from the modsql module. In scenarios where USER requests with extensions like %U are recorded...

Linux Distros Unpatched Vulnerability : CVE-2026-31018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters,...

PT-2026-35575

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract to json of the file src/entry.py. Performing a manipulation of the argument output filename results in sql injection. Remote exploitation of the attack is possible. The exploit has...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerabilities (USN-8210-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8210-1 advisory. It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use th...

Linux Distros Unpatched Vulnerability : CVE-2026-31019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to syst...

CVE-2026-40976

CVE-2026-40976 affects Spring Boot 4.0.0–4.0.5. In vulnerable configurations, a servlet-based web application that relies on Spring Boot’s default web security (no custom Spring Security config), depends on spring-boot-actuator-autoconfigure, and does not rely on spring-boot-health can experience...

CVE-2026-31689

A flaw was found in the EDAC/mc module of the Linux kernel. An error in the ordering of operations within the edacmcalloc function can lead to a situation where a device's release function is called before the device is fully initialized. This improper initialization can result in a kernel warnin...

JLSEC-2026-277 Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key...

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

CVE-2026-31687

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe Commit 11a78b794496 "ARM: OMAP: MPUIO wake updates" registers the omapmpuiodriver from omapmpuioinit, which is called from omapgpioprobe. However, it neither makes sense to register...

EUVD-2026-25884

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe Commit 11a78b794496 "ARM: OMAP: MPUIO wake updates" registers the omapmpuiodriver from omapmpuioinit, which is called from omapgpioprobe. However, it neither makes sense to register...

CVE-2026-31687

The CVE-2026-31687 issue concerns the Linux kernel GPIO/omap driver: omap_mpuio_driver was registered from omap_gpio_probe() and could deadlock because a device lock may be held during probe, compounded by the driver core changes enforcing device_lock for driver_match_device(). The driver was als...