365398 matches found
PT-2026-52941
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection. eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but...
PT-2026-52952
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths. In dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(). Both functions check: if (!dc_dmub_srv || !dc_dmub_srv->dmub) and then call DC_LOG_ERROR() inside...
PT-2026-52882
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protocol request (Content-Type: application/connect+prot...
PT-2026-52937
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue(). If queue entry or DMA descriptor list allocation fails in the airoha_qdma_init_rx_queue() routine, airoha_qdma_cleanup() will trigger a NULL pointer dereference...
PT-2026-52893
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...
SUSE SLED15: gdk-pixbuf-loader-libheif / libheif-aom / libheif-dav1d / etc (SUSE-SU-2026:2622-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2622-1 advisory. This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read i...
UBUNTU-CVE-2026-53153
In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent. memcg_reparent_list_lrus() clears the dying memcg's xarray entry with xas_store(&xas, NULL) before reparenting its per-node lists into the parent. This opens a window where a...
UBUNTU-CVE-2026-53253
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing. A BNEP peer can send a short BNEP SDU. bnep_rx_frame() reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...
UBUNTU-CVE-2026-53159
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma() misuse. fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...
UBUNTU-CVE-2026-53228
In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads. ipip6_tunnel_xmit() caches the inner IPv6 header pointer at function entry and continues using it after iptunnel_handle_offloads(). For GSO skbs, iptunnel_handle_offloads() calls...
SUSE SLES15 Security Update : kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2496-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2496-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues The following security issues were fixed: ...
UBUNTU-CVE-2025-60473
A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file...
UBUNTU-CVE-2026-53152
In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers (rk2928, rk3066, rk3188) do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...
UBUNTU-CVE-2026-53184
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb->dev before running a sockmap verdict. On the UDP receive path skb->dev is repurposed as dev_scratch (the truesize/state cache set by udp_set_dev_scratch()), through the union { struct net_device *dev; unsigned long dev_scratch; } i...
PT-2026-52672
An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...
PT-2026-52670
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker ma...
SUSE SLES15 Security Update : bind (SUSE-SU-2026:2617-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2617-1 advisory. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592). - CVE-2026-3039: BIND 9 server memory...
Fedora 44 : perl-DBI (2026-134fcb8549)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-134fcb8549 advisory. Update to 1.648; Fix CVE-2026-9698 and CVE-2026-10879 Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 44 : chromium (2026-504709cab7)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-504709cab7 advisory. chromium-149.0.7827.196 security release CVE-2026-13028: Use after free in WebGL CVE-2026-13032: Use after free in WebGL CVE-2026-13033: Out of boun...
Oracle Linux 9 : mysql:8.4 (ELSA-2026-25052)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25052 advisory. mecab 0.996-3.4 - Bump version for package rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'CRB' repo - Resolves: 2182069...