Advisory ROSA-SA-2026-3308

CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: The vulnerability in the tcsd daemon of the TrouSerS package relates to the possibility of attacks through symbolic links when creating the system.data file. It allows a local malicious actor tss user to create or damage arbitrar...

Advisory ROSA-SA-2026-3303

Component: libpano13 2.9.20 OS: ROSA-CHROME Unaffected versions: = libpano13-2.9.20-4 Affected versions: libpano13-2.9.20-4 CVE-ID: CVE-2021-33293 BDU-ID: None CVE-Crit: CRITICAL CVE-DESCRIPTION: A vulnerability exists in Panorama Tools libpano13 v2.9.20, specifically in the panoParserFindOLine...

Fedora 43 : suricata (2026-4ec2ec78d6)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ec2ec78d6 advisory. Upstream bugfix/security release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 43 : netatalk (2026-9fd50b2ff1)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9fd50b2ff1 advisory. 4.4.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

CVE-2026-7263

A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.132.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41417)

Summary There is a vulnerability in netty-codec-http-4.1.132.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for...

RockyLinux 10 : python-markdown (RLSA-2026:19155)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19155 advisory. python-markdown: denial of service via malformed HTML-like sequences CVE-2025-69534 Tenable has extracted the preceding description block directly from the...

RockyLinux 9 : nginx:1.26 (RLSA-2026:19372)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19372 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

MiracleLinux 8 : glibc-2.28-251.el8_10.37 (AXSA:2026-726:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-726:04 advisory. glibc: glibc: Denial of Service via iconv function with specific character sets CVE-2026-4046 Tenable has extracted the preceding description block...

RockyLinux 9 : luksmeta (RLSA-2026:18824)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18824 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...

Fedora 43 : poppler (2026-2a9d57ce6b)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2a9d57ce6b advisory. This update fixes CVE-2025-52885 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

EUVD-2026-32276

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

Important: kernel-livepatch-6.18.15-14.217

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.18.15-14.217 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.83-111.159

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.12.83-111.159 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.83-111.159

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.12.83-111.159 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.74-98.124

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.12.74-98.124 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.1.170-208.319

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.1.170-208.319 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVE-2026-9490

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...