PT-2026-52919
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done Local sashiko review pointed out that group->domain could be NULL when a default domain fails to allocate during the first probe, which can crash at...
PT-2026-52884
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...
Oracle Linux 9 : libxml2 (ELSA-2026-28254)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28254 advisory. 2.9.13-14.1 - Fix CVE-2024-34459 RHEL-177882 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Debian dsa-6365 : libssh2-1-dev - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6365 advisory. Debian Security Advisory DSA-6365-1 https://www.debian.org/securit...
Fedora 43 : tinyproxy (2026-77f1ca9c8f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-77f1ca9c8f advisory. Backport upstream fixes for CVE-2026-54387 and CVE-2026-54388. Tenable has extracted the preceding description block directly from the Fedora securi...
AlmaLinux 9 : nginx:1.26 (ALSA-2026:29151)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:29151 advisory. nginx: ngx_http_rewrite_module: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...
SUSE SLES16 Security Update : graphite2 (SUSE-SU-2026:22191-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22191-1 advisory. This update for graphite2 fixes the following issue: - CVE-2026-50593: Out-of-bounds write via Graphite actions (bsc#1267733). Tenable has...
SUSE SLES12 Security Update : libxslt (SUSE-SU-2026:2585-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2585-1 advisory. This update for libxslt fixes the following issue: - CVE-2023-40403: Processing web content may disclose sensitive information (bsc#1238591). Tenable has...
SUSE SLES16: tomcat10 / tomcat10-admin-webapps / tomcat10-doc / etc (SUSE-SU-2026:22197-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22197-1 advisory. This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...
SUSE SLES16: libppsdocument4_0-5 / libppsview4_0-4 / nautilus-extension-papers / etc (SUSE-SU-2026:22182-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22182-1 advisory. This update for papers fixes the following issues: Security issue: - CVE-2026-46529: command injection (bsc#1265880). Changes for papers: -...
Debian dsa-6366 : sogo - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6366 advisory. Debian Security Advisory DSA-6366-1 https://www.debian.org/securit...
Fedora 44 : python-django-allauth (2026-2c5cde060d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2c5cde060d advisory. Update to the latest django-allauth Fixes CVE-2026-27982 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
Fedora 43 : librabbitmq (2026-454722e3d8)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-454722e3d8 advisory. Version 0.16.0 - 2026-06-08 Security - Fix out-of-bounds read via undersized frames in amqp_handle_input GHSA-9mmv-r8g3-qp46, 878 - Fix client crash when serve...
UBUNTU-CVE-2026-53163
In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip remove_waiter when waiter is not enqueued syzbot triggered the following splat in remove_waiter via FUTEX_CMP_REQUEUE_PI: KASAN: null-ptr-deref in range 0x0000000000000a88-0x0000000000000a8f...
UBUNTU-CVE-2026-53177
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected callback,...
PT-2026-53018
Summary LinkifyIt.prototype.match — the package's primary public API — has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...
PT-2026-53025
Summary js-toml's interpreter checks whether a key already exists in a parser-built container with if (object[key]) instead of if (key in object). When the prior value is a falsy primitive — false, 0, 0n, 0.0, -0, or "" — the duplicate-key branch is skipped and the value is silently overwritten by a...
PT-2026-52940
In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...
PT-2026-52938
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx If queue entry list allocation fails in airoha_qdma_init_tx_queue routine, airoha_qdma_cleanup_tx_queue will trigger a NULL pointer dereference accessing the...
PT-2026-52944
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup > /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: 436.478639 Unable...