Fedora 43 : dokuwiki (2026-511c8bd939)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-511c8bd939 advisory. Add a patch for CVE-2026-26477 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Oracle Linux 9 : xorg-x11-server (ELSA-2026-11388)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-11388 advisory. 1.20.11-33 - CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001 CVE-2026-34002, CVE-2026-34003 Resolves:...

CLSA-2026-1777368104 Fix CVE(s): CVE-2023-39810

SECURITY UPDATE: directory traversal in cpio extraction - debian/patches/CVE-2023-39810.patch: add FEATUREPATHTRAVERSALPROTECTION config option, call stripunsafeprefix in dataextractall.c to prevent path traversal via ../ in archive filenames. Covers cpio, ar, rpm. - Enable...

CLSA-2026-1777306218 Fix CVE(s): CVE-2026-33412

SECURITY UPDATE: Command injection via newline in glob - debian/patches/CVE-2026-33412.patch: add '\n' to SHELLSPECIAL in src/osunix.c so newlines in glob patterns are shell-escaped before mchexpandwildcards hands the string to the user's shell - CVE-2026-33412...

Oracle Solaris Critical Patch Update : apr2026_SRU11_4_92_214_1

The version of Solaris installed on the remote host is prior to 11.4.92.214.1. It is, therefore, affected by a vulnerability as referenced in the solaris11apr2026SRU114922141 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2026 Critical Patch Update. For more information please refer to Oracle's April 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

openjdk: Enhance Zip file reading (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

Oracle Critical Patch Update Advisory - April 2026

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

Oracle Critical Patch Update, April 2026 Security Update Review

Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

PT-2026-34454

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description An out-of-bounds heap read/write issue exists in the GGUF model quantization engine. An attacker can exploit this by uploading a specially crafted GPT-Generated Unified Format GGUF file to the...

CLSA-2026-1776776980 Fix CVE(s): CVE-2023-52425

SECURITY UPDATE: quadratic re-parsing DoS with large tokens - debian/patches/CVE-2023-52425.patch: add callProcessor wrapper with reparse deferral heuristic in expat/lib/xmlparse.c, add XMLSetReparseDeferralEnabled API in expat/lib/expat.h. - CVE-2023-52425...

Security update for rekor

This update for rekor rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007496 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task ...

CLSA-2026-1776262694 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: null pointer dereference and out-of-bounds read in sftpparselongname when processing malformed SSHFXPNAME messages - debian/patches/CVE-2026-0968.patch: add null check, input validation, and end-of-string guards in sftpparselongname - CVE-2026-0968...

Security update for freerdp

This update for freerdp fixes the following issues: Security fixes: CVE-2026-26271: Buffer overread in FreeRDP icon processing bsc1258979. CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler bsc1258982. CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression...