RockyLinux 10 : corosync (RLSA-2026:19043)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19043 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via intege...
corosync: Corosync: Denial of Service via integer overflow in join message validation
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability...
AlmaLinux 10 : corosync (ALSA-2026:13644)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13644 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer...
MiracleLinux 8 : corosync-3.1.8-1.el8_10.1 (AXSA:2026-593:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-593:02 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via...
corosync: Corosync: Denial of Service via integer overflow in join message validation
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability...
RHEL 8 : corosync (RHSA-2026:14215)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14215 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosyn...
RockyLinux 8 : corosync (RLSA-2026:13657)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13657 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer...
CVE-2026-35092
Corosync: A vulnerability in the join message sanity validation causes an integer overflow when using totemudp/totemudpu mode. Remote, unauthenticated attackers can send crafted UDP packets to crash the service, resulting in an availability impact (DoS). No remediation details are provided in the...
CVE-2026-35091
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: corosync (UTSA-2026-005515)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005515 advisory. Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in...
TencentOS Server 4: corosync (TSSA-2025:0287)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0287 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2013-0281
Malware in sbrugna...
EUVD-2018-11734
Malware in sbrugna...
RockyLinux 10 : corosync (RLSA-2025:7478)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7478 advisory. corosync: Stack buffer overflow from 'orftokenendianconvert' CVE-2025-30472 Tenable has extracted the preceding description block directly from the RockyLinux...
EUVD-2025-7198
Malicious code in bioql PyPI...
Advisory ROSA-SA-2025-2927
Software: corosync 3.1.9 OS: ROSA-CHROME unaffected versions = corosync-3.1.9-2 affected versions corosync-3.1.9-2 CVE-ID: CVE-2025-30472 BDU-ID: 2025-03217 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the orftokenendianconvert function of the Corosync group communication system for fault-toleran...
Oracle Linux 10 : corosync (ELSA-2025-7478)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7478 advisory. 3.1.9-1.1 - Resolves: RHEL-84612 - totemsrp: Check size of orftoken msg fixes CVE-2025-30472 Tenable has extracted the preceding description block directly fro...
ROS-20250630-06
A vulnerability in the orftokenendianconvert function of the Corosync group communication system for fault-tolerant clusters is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denia...
Security Bulletin: Due to use of Corosync, IBM MQ is vulnerable to a stack-based buffer overflow
Summary Corosync is used by IBM MQ as part of the RDQM component CVE-2025-30472 Vulnerability Details CVEID:CVE-2025-30472 DESCRIPTION: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in...
Astra Linux – Vulnerability in Corosync
The vulnerability of the coroparse.c component of the Corosync cluster engine is related to the use of memory after it is freed. Exploiting this vulnerability allows a perpetrator to cause a service failure...