Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Dovecot vulnerabilities (USN-8365-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8365-1 advisory. It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. A...

SUSE-SU-2026:2195-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...

Important: Red Hat Security Advisory: skopeo security update

An update for skopeo is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SUSE SLES15 Security Update : tomcat (SUSE-SU-2026:1604-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1604-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1473)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1473 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: soci-snapshotter

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: containerd

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Amazon Linux 2 : curl, --advisory ALAS2-2026-3173 (ALAS-2026-3173)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3173 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host...

Medium: golist

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

SUSE-SU-2026:20164-1 Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment bsc1246019. - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collectmd xfrm...

SUSE-SU-2026:0144-1 Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

EUVD-2014-7066

Malware in sbrugna...

EUVD-2015-2021

Malware in sbrugna...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Qt vulnerabilities (USN-7780-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7780-1 advisory. It was discovered that Qt did not correctly handle certain inputs when using the SQL ODBC driver plugin. An attacker...

NewStart CGSL MAIN 7.02 : bind Multiple Vulnerabilities (NS-SA-2025-0108)

The remote NewStart CGSL host, running version MAIN 7.02, has bind packages installed that are affected by multiple vulnerabilities: - If a server hosts a zone containing a KEY Resource Record, or a resolver DNSSEC-validates a KEY Resource Record from a DNSSEC-signed domain in cache, a client can...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Apache HTTP Server vulnerabilities (USN-7639-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7639-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could...

Linux Distros Unpatched Vulnerability : CVE-2017-3731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to...