Update the affected aide packages.

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2026-1572)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302729 with High Severity

Synopsis

The remote EulerOS host is missing a security update.

Solution

Update the affected python3 packages.

EulerOS Virtualization 2.12.1 : libtasn1 (EulerOS-SA-2026-1440)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302709 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Update the affected libvirt packages.

EulerOS Virtualization 2.12.0 : icu (EulerOS-SA-2026-1488)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302701 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the icu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.(CVE-2025-5222)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization icu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected icu packages.

EulerOS Virtualization 2.12.0 : brotli (EulerOS-SA-2026-1476)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302700 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the brotli package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.(CVE-2025-6176)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization brotli security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected brotli packages.

EulerOS Virtualization 2.12.1 : rsync (EulerOS-SA-2026-1460)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302699 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Solution

Update the affected python-ldap packages.

EulerOS Virtualization 2.12.0 : ncurses (EulerOS-SA-2026-1502)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302693 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.(CVE-2024-52615)

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.(CVE-2024-52616)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization avahi security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected avahi packages.

EulerOS Virtualization 2.12.1 : protobuf (EulerOS-SA-2026-1454)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302682 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUPtags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =6.31.1 or beyond commit17838beda2943d08b8a9d4df5b68f5f04f26d901(CVE-2025-4565)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization protobuf security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected protobuf packages.

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2026-1487)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302681 with Critical Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Solution

Update the affected libarchive packages.

EulerOS Virtualization 2.12.0 : bind (EulerOS-SA-2026-1474)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302677 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.

This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.(CVE-2025-40780)

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.(CVE-2025-40778)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization bind security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected bind packages.

EulerOS Virtualization 2.12.0 : expat (EulerOS-SA-2026-1480)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302676 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

Solution

Update the affected expat packages.

EulerOS Virtualization 2.12.0 : libarchive (EulerOS-SA-2026-1492)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302675 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Description

Solution

Update the affected avahi packages.

EulerOS Virtualization 2.12.0 : iputils (EulerOS-SA-2026-1489)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302668 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

Description

Description

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.(CVE-2025-9640)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization samba security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected samba packages.

EulerOS Virtualization 2.12.1 : systemd (EulerOS-SA-2026-1466)

Tue, 17 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302657 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.

A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd- coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.(CVE-2025-4598)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization systemd security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected systemd packages.

EulerOS 2.0 SP11 : aide (EulerOS-SA-2026-1597)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302656 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Solution

Update the affected aide packages.

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-1606)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302655 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks.
Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.(CVE-2025-11411)

Tenable has extracted the preceding description block directly from the EulerOS unbound security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected unbound packages.

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-1602)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302651 with Medium Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

Solution

Update the affected curl packages.

EulerOS Virtualization 2.12.0 : python-requests (EulerOS-SA-2026-1515)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302641 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.(CVE-2024-47081)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization python-requests security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-requests packages.

EulerOS Virtualization 2.12.1 : python-urllib3 (EulerOS-SA-2026-1459)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302640 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Description

Solution

Update the affected python-pip packages.

EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-1549)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302627 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Description

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.(CVE-2025-11961)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization libpcap security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libpcap packages.

EulerOS Virtualization 2.12.0 : krb5 (EulerOS-SA-2026-1491)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302623 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.(CVE-2025-3576)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization krb5 security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected krb5 packages.

EulerOS Virtualization 2.12.0 : edk2 (EulerOS-SA-2026-1528)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302622 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Solution

Update the affected edk2 packages.

EulerOS Virtualization 2.10.0 : grub2 (EulerOS-SA-2026-1555)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302621 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.(CVE-2025-61662)

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.(CVE-2025-61664)

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.(CVE-2025-61663)

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.(CVE-2025-61661)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization grub2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected grub2 packages.

EulerOS Virtualization 2.12.0 : net-snmp (EulerOS-SA-2026-1503)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302620 with Critical Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

Solution

Update the affected net-snmp packages.

EulerOS Virtualization 2.12.1 : nss (EulerOS-SA-2026-1447)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302619 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5.(CVE-2022-22747)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization nss security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected nss packages.

EulerOS Virtualization 2.12.0 : protobuf (EulerOS-SA-2026-1511)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302618 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Solution

Update the affected python-urllib3 packages.

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-1624)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302609 with Medium Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.(CVE-2025-14104)

Tenable has extracted the preceding description block directly from the EulerOS util-linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected util-linux packages.

EulerOS Virtualization 2.12.0 : libsodium (EulerOS-SA-2026-1495)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302608 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

Solution

Update the affected libsodium packages.

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1537)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302607 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

media: v4l2-mem2mem: add lock to protect parameter num_rdy(CVE-2023-53519)

md: Replace snprintf with scnprintf(CVE-2022-50299)

mm/vmscan: don't try to reclaim hwpoison folio(CVE-2025-37834)

ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()(CVE-2023-53271)

md/raid10: fix wrong setting of max_corr_read_errors(CVE-2023-53313)

scsi: target: target_core_configfs: Add length check to avoid buffer overflow(CVE-2025-39998)

loop: Avoid updating block size under exclusive owner(CVE-2025-38709)

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory(CVE-2025-39883)

scsi: qla4xxx: Prevent a potential error pointer dereference(CVE-2025-39676)

NFS: Fix a race when updating an existing write(CVE-2025-39697)

scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses(CVE-2023-7324)

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare(CVE-2025-39817)

dm raid: fix address sanitizer warning in raid_resume(CVE-2022-50085)

usb-storage: alauda: Fix uninit-value in alauda_check_media()(CVE-2023-53847)

mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list(CVE-2025-39725)

md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request(CVE-2023-53380)

md/raid10: check slab-out-of-bounds in md_bitmap_get_counter(CVE-2023-53357)

net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode(CVE-2023-53733)

fs: quota: create dedicated workqueue for quota_release_work(CVE-2025-40196)

partitions: mac: fix handling of bogus partition table(CVE-2025-21772)

HID: hidraw: fix memory leak in hidraw_release()(CVE-2022-49981)

pid: Add a judgment for ns null in pid_nr_ns(CVE-2025-40178)

libceph: fix potential use-after-free in have_mon_and_osd_map()(CVE-2025-68285)

watchdog: Fix kmemleak in watchdog_cdev_register(CVE-2023-53234)

drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()(CVE-2022-50402)

PNP: fix name memory leak in pnp_alloc_dev()(CVE-2022-50278)

ipvs: Defer ip_vs_ftp unregister during netns cleanup(CVE-2025-40018)

nbd: Fix hung when signal interrupts nbd_start_device_ioctl()(CVE-2022-50314)

igb: Do not free q_vector unless new one was allocated(CVE-2022-50252)

ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed(CVE-2023-53481)

cacheinfo: Fix shared_cpu_map to handle shared caches at different levels(CVE-2023-53254)

scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()(CVE-2025-40115)

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()(CVE-2023-53676)

NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid(CVE-2025-68349)

net: hns: fix possible memory leak in hnae_ae_register()(CVE-2022-50352)

md: call __md_stop_writes in md_stop(CVE-2022-49987)

net/packet: fix a race in packet_set_ring() and packet_notifier()(CVE-2025-38617)

regulator: of: Fix refcount leak bug in of_get_regulation_constraints()(CVE-2022-50191)

ubi: Fix use-after-free when volume resizing failed(CVE-2023-53800)

HID: multitouch: Correct devm device reference for hidinput input_dev name(CVE-2023-53454)

ipv6: reject malicious packets in ipv6_gso_segment()(CVE-2025-38572)

md/raid10: fix leak of 'r10bio-remaining' for recovery(CVE-2023-53299)

scsi: qla2xxx: Wait for io return on terminate rport(CVE-2023-53322)

udf: Detect system inodes linked into directory hierarchy(CVE-2023-53695)

igb: Fix igb_down hung on surprise removal(CVE-2023-53148)

cifs: Fix warning and UAF when destroy the MR list(CVE-2023-53427)

scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()(CVE-2023-53803)

ubi: ensure that VID header offset + VID header size = alloc, size(CVE-2023-53265)

fs/proc: fix uaf in proc_readdir_de()(CVE-2025-40271)

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails(CVE-2022-50087)

md-raid10: fix KASAN warning(CVE-2022-50211)

scsi: ses: Fix possible desc_ptr out-of-bounds accesses(CVE-2023-53675)

mmc: core: Fix kernel panic when remove non-standard SDIO card(CVE-2022-50640)

nfs: handle failure of nfs_get_lock_context in unlock path(CVE-2025-38023)

udf: Do not update file length for failed writes to inline files(CVE-2023-53295)

RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug(CVE-2025-38024)

sctp: check send stream number after wait_for_sndbuf(CVE-2023-53296)

net/sched: sch_qfq: Fix race condition on qfq_aggregate(CVE-2025-38477)

RDMA/rxe: Fix 'kernel NULL pointer dereference' error(CVE-2022-50671)

i40e: add validation for ring_len param(CVE-2025-39973)

md/raid1: Fix stack memory use after return in raid1_reshape(CVE-2025-38445)

Squashfs: check return result of sb_min_blocksize(CVE-2025-38415)

net/tunnel: wait until all sk_user_data reader finish before releasing the sock(CVE-2022-50405)

ip6_vti: fix slab-use-after-free in decode_session6(CVE-2023-53821)

af_unix: Fix data-races around user-unix_inflight.(CVE-2023-53204)

RDMA/rxe: Fix error unwind in rxe_create_qp()(CVE-2022-50127)

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock(CVE-2025-38058)

NFSD: Protect against send buffer overflow in NFSv2 READ(CVE-2022-50410)

scsi: hpsa: Fix possible memory leak in hpsa_init_one()(CVE-2022-50646)

sctp: handle the error returned from sctp_auth_asoc_init_active_key(CVE-2022-50243)

vsock: Do not allow binding to VMADDR_PORT_ANY(CVE-2025-38618)

smb: client: Fix use-after-free in cifs_fill_dirent(CVE-2025-38051)

scsi: libiscsi: Initialize iscsi_conn-dd_data only if memory is allocated(CVE-2025-38700)

sctp: fix a potential overflow in sctp_ifwdtsn_skip(CVE-2023-53372)

pstore/ram: Check start of empty przs during init(CVE-2023-53331)

clk: samsung: Fix memory leak in _samsung_clk_register_pll()(CVE-2022-50449)

md/raid10: prevent soft lockup while flush writes(CVE-2023-53151)

nfsd: call op_release, even when op_func returns an error(CVE-2023-53241)

cifs: Release folio lock on fscache read hit.(CVE-2023-53593)

net: bridge: fix soft lockup in br_multicast_query_expired()(CVE-2025-39773)

cifs: fix small mempool leak in SMB2_negotiate()(CVE-2022-49938)

dm raid: fix address sanitizer warning in raid_status(CVE-2022-50084)

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()(CVE-2025-38724)

scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()(CVE-2023-54014)

block: fix resource leak in blk_register_queue() error path(CVE-2025-37980)

drm/client: Fix memory leak in drm_client_target_cloned(CVE-2023-54091)

dm flakey: fix a crash with invalid table line(CVE-2023-53786)

crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()(CVE-2023-53817)

hwrng: virtio - Fix race on data_avail and actual data(CVE-2023-53998)

sched/fair: Don't balance task to its current running CPU(CVE-2023-53215)

ppp: associate skb with a device at tx(CVE-2022-50655)

fbdev: bitblit: bound-check glyph index in bit_putcs*(CVE-2025-40322)

acct: fix potential integer overflow in encode_comp_t()(CVE-2022-50749)

udf: Avoid double brelse() in udf_rename()(CVE-2022-50755)

tee: add overflow check in register_shm_helper()(CVE-2022-50080)

drm: Prevent drm_copy_field() to attempt copying a NULL pointer(CVE-2022-50884)

crypto: api - Use work queue in crypto_destroy_instance(CVE-2023-53799)

mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()(CVE-2023-53623)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

EulerOS Virtualization 2.12.0 : libxml2 (EulerOS-SA-2026-1499)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302606 with Low Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Solution

Update the affected libxml2 packages.

EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2026-1607)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302605 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.(CVE-2025-11412)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization binutils security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected binutils packages.

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-1478)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302601 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Solution

Update the affected curl packages.

EulerOS 2.0 SP11 : samba (EulerOS-SA-2026-1622)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302600 with Medium Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

Description

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.(CVE-2025-40780)

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.(CVE-2025-40778)

Tenable has extracted the preceding description block directly from the EulerOS bind security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected bind packages.

EulerOS Virtualization 2.10.1 : grub2 (EulerOS-SA-2026-1535)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302596 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.(CVE-2025-61662)

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.(CVE-2025-61664)

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.(CVE-2025-61663)

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.(CVE-2025-61661)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization grub2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected grub2 packages.

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2026-1603)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302595 with High Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Update the affected openssh packages.

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2026-1609)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302588 with High Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.(CVE-2025-10158)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization rsync security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected rsync packages.

EulerOS Virtualization 2.10.1 : binutils (EulerOS-SA-2026-1530)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302581 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing a security update.

Description

Description

Description

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a 'fixed' version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706 and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706 then pip doesn't use the 'vulnerable' fallback code.Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python =3.9.17, =3.10.12, =3.11.4, or =3.12),applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.(CVE-2025-8869)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization python-pip security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-pip packages.

EulerOS Virtualization 2.10.1 : python-ldap (EulerOS-SA-2026-1543)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302561 with Medium Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Solution

Update the affected python-ldap packages.

EulerOS Virtualization 2.10.0 : python-urllib3 (EulerOS-SA-2026-1565)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302560 with High Severity

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

Description

Description

Description

According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.(CVE-2025-69277)

Tenable has extracted the preceding description block directly from the EulerOS libsodium security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsodium packages.

EulerOS 2.0 SP12 : cups (EulerOS-SA-2026-1354)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302478 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Update the affected gdb packages.

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1407)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302462 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.

This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.(CVE-2025-66200)

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.

This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.

Users are recommended to upgrade to version 2.4.66 which fixes the issue.(CVE-2025-65082)

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd='...' directives.

This issue affects Apache HTTP Server before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.(CVE-2025-58098)

Tenable has extracted the preceding description block directly from the EulerOS httpd security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected httpd packages.

EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2026-1392)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302458 with High Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

Solution

Update the affected gnupg2 packages.

EulerOS 2.0 SP10 : golang (EulerOS-SA-2026-1310)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302457 with High Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.(CVE-2025-61729)

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.(CVE-2025-58185)

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non- linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.(CVE-2025-58187)

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.(CVE-2025-61723)

Tenable has extracted the preceding description block directly from the EulerOS golang security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected golang packages.

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2026-1380)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302456 with Medium Severity

Synopsis

The remote EulerOS host is missing a security update.

Solution

Update the affected gnupg2 packages.

EulerOS 2.0 SP12 : grub2 (EulerOS-SA-2026-1395)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302447 with High Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.(CVE-2025-61662)

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.(CVE-2025-61664)

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.(CVE-2025-54771)

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.(CVE-2025-61663)

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.(CVE-2025-61661)

Tenable has extracted the preceding description block directly from the EulerOS grub2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected grub2 packages.

EulerOS 2.0 SP12 : dhcp (EulerOS-SA-2026-1356)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302446 with High Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

Description

Description

According to the versions of the libpng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of- bounds memory access. This issue has been patched in version 1.6.51.(CVE-2025-64505)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.(CVE-2025-64506)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.
Upgrade to libpng 1.6.52 or later.(CVE-2025-66293)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018.
This vulnerability is fixed in 1.6.54.(CVE-2026-22695)

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.(CVE-2026-22801)

Tenable has extracted the preceding description block directly from the EulerOS libpng security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libpng packages.

EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1386)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302407 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.

Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.(CVE-2025-14017)

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.(CVE-2025-14524)

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.(CVE-2025-15224)

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts
*not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.(CVE-2025-15079)

Tenable has extracted the preceding description block directly from the EulerOS curl security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected curl packages.

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1319)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302406 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Solution

Update the affected python3 packages.

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302405 with High Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()(CVE-2025-40115)

scsi: target: Fix WRITE_SAME No Data Buffer crash(CVE-2022-21546)

NFSD: Fix crash in nfsd4_read_release()(CVE-2025-40324)

scsi: qla4xxx: Prevent a potential error pointer dereference(CVE-2025-39676)

loop: Avoid updating block size under exclusive owner(CVE-2025-38709)

media: v4l2-mem2mem: add lock to protect parameter num_rdy(CVE-2023-53519)

mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()(CVE-2022-50347)

net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb(CVE-2023-53548)

platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()(CVE-2022-50521)

tipc: fix an information leak in tipc_topsrv_kern_subscr(CVE-2022-50531)

scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()(CVE-2023-54014)

ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()(CVE-2023-53271)

dma-buf: insert memory barrier before updating num_fences(CVE-2025-38095)

md/raid10: fix wrong setting of max_corr_read_errors(CVE-2023-53313)

scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses(CVE-2023-7324)

scsi: storvsc: Fix handling of virtual Fibre Channel timeouts(CVE-2023-53245)

md/raid10: prevent soft lockup while flush writes(CVE-2023-53151)

clk: samsung: Fix memory leak in _samsung_clk_register_pll()(CVE-2022-50449)

sctp: fix a potential overflow in sctp_ifwdtsn_skip(CVE-2023-53372)

crypto: api - Use work queue in crypto_destroy_instance(CVE-2023-53799)

drm: Prevent drm_copy_field() to attempt copying a NULL pointer(CVE-2022-50884)

dm raid: fix address sanitizer warning in raid_status(CVE-2022-50084)

cifs: fix small mempool leak in SMB2_negotiate()(CVE-2022-49938)

net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device(CVE-2023-54015)

ipv6: reject malicious packets in ipv6_gso_segment()(CVE-2025-38572)

fs/proc: fix uaf in proc_readdir_de()(CVE-2025-40271)

scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()(CVE-2023-53803)

macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse(CVE-2025-68367)

ubi: Fix use-after-free when volume resizing failed(CVE-2023-53800)

crypto: qat - fix DMA transfer direction(CVE-2022-50774)

scsi: hpsa: Fix possible memory leak in hpsa_init_one()(CVE-2022-50646)

mmc: core: Fix kernel panic when remove non-standard SDIO card(CVE-2022-50640)

usb: host: ohci-ppc-of: Fix refcount leak bug(CVE-2022-50033)

PNP: fix name memory leak in pnp_alloc_dev()(CVE-2022-50278)

media: dvb-frontends: fix leak of memory fw(CVE-2022-50664)

fs: quota: create dedicated workqueue for quota_release_work(CVE-2025-40196)

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl(CVE-2024-56662)

scsi: ses: Handle enclosure with just a primary component gracefully(CVE-2023-53431)

pid: Add a judgment for ns null in pid_nr_ns(CVE-2025-40178)

NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid(CVE-2025-68349)

hwrng: virtio - Fix race on data_avail and actual data(CVE-2023-53998)

usb-storage: alauda: Fix uninit-value in alauda_check_media()(CVE-2023-53847)

netlink: do not hard code device address lenth in fdb dumps(CVE-2023-53863)

drm/client: Fix memory leak in drm_client_target_cloned(CVE-2023-54091)

ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe(CVE-2025-68241)

md/raid10: fix null-ptr-deref in raid10_sync_request(CVE-2023-53832)

iommu/amd: Fix pci device refcount leak in ppr_notifier()(CVE-2022-50505)

net: read sk-sk_family once in sk_mc_loop()(CVE-2023-53831)

fbdev: bitblit: bound-check glyph index in bit_putcs*(CVE-2025-40322)

bpf: make sure skb-len != 0 when redirecting to a tunneling device(CVE-2022-50253)

ppp: associate skb with a device at tx(CVE-2022-50655)

ip6_vti: fix slab-use-after-free in decode_session6(CVE-2023-53821)

hwrng: amd - Fix PCI device refcount leak(CVE-2022-50868)

netlink: annotate accesses to nlk-cb_running(CVE-2023-53853)

acct: fix potential integer overflow in encode_comp_t()(CVE-2022-50749)

RDMA/rxe: Fix 'kernel NULL pointer dereference' error(CVE-2022-50671)

udf: Avoid double brelse() in udf_rename()(CVE-2022-50755)

dm flakey: fix a crash with invalid table line(CVE-2023-53786)

libceph: fix potential use-after-free in have_mon_and_osd_map()(CVE-2025-68285)

crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()(CVE-2023-53817)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2026-1324)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302404 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

Description

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.(CVE-2025-61911)

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.(CVE-2025-61912)

Tenable has extracted the preceding description block directly from the EulerOS python-ldap security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-ldap packages.

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2026-1362)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302395 with Medium Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

Solution

Update the affected gnutls packages.

EulerOS 2.0 SP10 : cups (EulerOS-SA-2026-1304)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302394 with Medium Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

Description

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The

malicious

rsync client requires at least read access to the remote rsync module in order to trigger the issue.(CVE-2025-10158)

Tenable has extracted the preceding description block directly from the EulerOS rsync security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected rsync packages.

EulerOS 2.0 SP12 : samba (EulerOS-SA-2026-1381)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302381 with Medium Severity

Synopsis

The remote EulerOS host is missing a security update.

Description

Solution

Update the affected samba packages.

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1339)

Mon, 16 Mar 2026 00:00:00 GMT

Nessus Plugin ID 302380 with High Severity

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

Description

The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.80. It is, therefore, affected by a vulnerability as referenced in the 2026_03_stable-channel-update-for-desktop_13 advisory.

- Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2026-3909)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 146.0.7680.80 or later.