PT-2026-52917

In the Linux kernel, the following vulnerability has been resolved: arm mpam: Check whether the config array is allocated before destroying it destroy component cfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...

PT-2026-52954

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ras core get utc second timestamp function, which is used to retrieve the current UTC timestamp for RAS error events via a platform-specific...

PT-2026-52920

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARN ON ONCE" fixed a NULL pointer dereference in an unlikely situation partly. If dev pasid is not found ...

PT-2026-52955

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the ras core ras interrupt detected function. This issue happens when the ras core variable is NULL and the system attempts to access ras core-dev...

PT-2026-52938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the airoha qdma cleanup tx queue function when the queue entry list allocation fails within the airoha qdma init tx queue routine. This is caused by...

PT-2026-52957

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the mt7925 tx check aggr function. This occurs when the sta variable is dereferenced before a NULL check is performed, which can lead to a system...

PT-2026-52919

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group-domain dereference in pci dev reset iommu done Local sashiko review pointed it out that group-domain could be NULL when a default domain fails to allocate during the first probe, which can crash at...

SUSE SLED15: gdk-pixbuf-loader-libheif / libheif-aom / libheif-dav1d / etc (SUSE-SU-2026:2622-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2622-1 advisory. This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read i...

SUSE SLED15: libsqlite3-0 / libsqlite3-0-32bit / sqlite3 / sqlite3-devel / etc (SUSE-SU-2026:2528-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2528-1 advisory. This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption...

Oracle Linux 9 : libxslt (ELSA-2026-28243)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28243 advisory. - Fix CVE-2025-10911 RHEL-171991 - Fix upgrade path for CVE-2023-40403 RHEL-82213 - Fix CVE-2023-40403 RHEL-82213 - Fix CVE-2024-55549 RHEL-83514 Tenable has...

SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2493-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2493-1 advisory. - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110,...

RHEL 8 : libxslt (RHSA-2026:29976)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29976 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlyi...

SUSE SLES12: libsqlite3-0 / libsqlite3-0-32bit / sqlite3 / sqlite3-devel / etc (SUSE-SU-2026:2527-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2527-1 advisory. This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text...

PT-2026-52941

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the eip93 hmac setkey function where it incorrectly uses the CRYPTO ALG ASYNC mask when allocating a temporary ahash transform. Because EIP93 hash algorithms are...

PT-2026-52946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the pinconf generic parse dt pinmux function where it assumes the pinmux property is not empty when present. If the pinmux property is empty, the allocator returns a...

PT-2026-52922

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookup amd iommu iommu device register walks every device on the PCI bus via bus for each dev and calls amd iommu probe device for each. The inlined check device path computes the device's sbdf,...

Oracle Linux 9 : freerdp (ELSA-2026-19349)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19349 advisory. - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 - Fix double free in xfrailwindowcommon cleanup CVE-2026-2698...

AlmaLinux 9 : libpng15 (ALSA-2026:28244)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:28244 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from th...

PT-2026-52672

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

PT-2026-52670

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker ma...