Lucene search

3355 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2022-2990:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2990:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...

CVSS 8.3 | AI score 5.8 | EPSS 0.12205
Exploits: 4 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : redis:5 (AXSA:2021-2497:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2497:01 advisory. redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626); redis: Integer overflow issue with Streams (CVE-2021-32627); redis: Integer...

CVSS 8.8 | AI score 7.3 | EPSS 0.1578
Exploits: 0 | References: 7

Tenable Nessus
added 2026/01/20 12:0 a.m. | 9 views

MiracleLinux 8 : gssntlmssp-1.2.0-1.el8.ML.1 (AXSA:2023-6149:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6149:01 advisory. gssntlmssp: multiple out-of-bounds read when decoding NTLM fields (CVE-2023-25563); gssntlmssp: memory corruption when decoding UTF16 strings...

CVSS 8.2 | AI score 5.7 | EPSS 0.01959
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : redis:6 (AXSA:2021-2495:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2495:01 advisory. redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626); redis: Integer overflow issue with Streams (CVE-2021-32627); redis: Integer...

CVSS 8.8 | AI score 7.3 | EPSS 0.1578
Exploits: 0 | References: 7

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : augeas-1.4.0-2.el7.1 (AXSA:2017-2340:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2340:01 advisory. A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application...

CVSS 9.8 | AI score 8.1 | EPSS 0.05002
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001109)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001109 advisory. In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users t...

CVSS 7.8 | AI score 7.5 | EPSS 0.00477
Exploits: 0 | References: 10

SUSE CVE
added 2026/01/15 12:26 a.m. | 2 views

SUSE CVE-2025-68795

In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query. The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the values. If the number of...

CVSS 5.8 | AI score 7 | EPSS 0.00191
Exploits: 0 | References: 21

SUSE CVE
added 2026/01/15 12:25 a.m. | 3 views

SUSE CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

CVSS 5.5 | AI score 6.7 | EPSS 0.00173
Exploits: 0 | References: 21

Tenable Nessus
added 2026/01/15 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002919)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002919 advisory. In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users t...

CVSS 7.8 | AI score 7.5 | EPSS 0.00477
Exploits: 0 | References: 10

OSV
added 2026/01/14 10:49 a.m. | 2 views

OPENSUSE-SU-2026:20030-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME), unintended retry intervals (bsc#1254511) - CVE-2025-58098: Fixed Server Side Includes adds query string to exec cmd (bsc#1254512) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-66200...

CVSS 8.3 | AI score 6.7 | EPSS 0.015
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/13 10:54 p.m. | 3 views

CVE-2025-69270

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVSS 9.8 | AI score 7 | EPSS 0.00281
Exploits: 0 | References: 1

Hacker One
added 2026/01/13 8:7 p.m. | 10 views

curl: IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing

libcurl incorrectly parses IMAP literals size even when they are embedded within quoted strings (e.g., email subjects or headers). This behavior violates RFC 3501, which mandates that content inside double quotes must be treated as opaque text. This parsing error causes the client state machine to...

AI score 7
Exploits: 0

OSV
added 2026/01/13 4:16 p.m. | 9 views

AZL-74430 CVE-2025-68816 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

AI score 6 | EPSS 0.00173
Exploits: 0 | References: 1

OSV
added 2026/01/13 4:16 p.m. | 2 views

UBUNTU-CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

AI score 6 | EPSS 0.00173
Exploits: 0 | References: 38

UbuntuCve
added 2026/01/13 4:16 p.m. | 2 views

CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

AI score 6 | EPSS 0.00173
Exploits: 0 | References: 36

OSV
added 2026/01/13 4:16 p.m. | 1 view

UBUNTU-CVE-2025-68795

In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query. The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the values. If the number of...

AI score 6.2 | EPSS 0.00191
Exploits: 0 | References: 38

Cvelist
added 2026/01/13 3:29 p.m. | 19 views

CVE-2025-68816 net/mlx5: fw_tracer, Validate format string parameters

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

EPSS 0.00173
Exploits: 0 | References: 7

OSV
added 2026/01/13 3:29 p.m. | 6 views

CVE-2025-68816 net/mlx5: fw_tracer, Validate format string parameters

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

AI score 6.5 | EPSS 0.00173
Exploits: 0 | References: 10

CVE
added 2026/01/13 3:29 p.m. | 14 views

CVE-2025-68795

The CVE-2025-68795 issue affects Linux kernel ethtool statistics queries. If the number of stats changes between the three ioctl calls (ETHTOOL_GSSET_INFO, ETHTOOL_GSTRINGS, ETHTOOL_GSTATS), userspace buffers may overflow. Some drivers (e.g., mlx5, bnx2x, bna, ksz884x) use dynamic counters, creat...

AI score 6.6 | EPSS 0.00191
Exploits: 0 | References: 7

ATTACKERKB
added 2026/01/13 3:29 p.m. | 1 view

CVE-2025-68795

In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query. The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the values. If the number of...

AI score 5.6 | EPSS 0.00191
Exploits: 0 | References: 8 | Affected Software: 1