GHSA-QJWP-HRQ6-R26R kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

PT-2026-45483

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

Linux Distros Unpatched Vulnerability : CVE-2026-45960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal...

TencentOS Server 3: jq (TSSA-2026:0370)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0370 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

MiracleLinux 9 : jq-1.6-19.el9_7.0.2 (AXSA:2026-614:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-614:01 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON...

Insufficient Entropy

Overview Affected versions of this package are vulnerable to Insufficient Entropy in the xml.parsers.expat and xml.etree.ElementTree components. An attacker can cause excessive CPU consumption and degrade service availability by submitting specially crafted XML documents designed to trigger hash...

EUVD-2026-28666

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...

UBUNTU-CVE-2026-43360

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...

CVE-2026-43360

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...

CVE-2026-43360 btrfs: fix transaction abort on file creation due to name hash collision

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...

CVE-2026-43360

CVE-2026-43360 affects the Linux kernel Btrfs file system. A hash-collision during multi-file creation can force multiple entries into a single dir item and, once a leaf size limit is reached, abort the transaction and leave the filesystem read-only, enabling a local DoS without admin privileges....

CVE-2026-43360

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...

PT-2026-39021

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs filesystem where creating multiple files with names that result in the same hash can lead to a transaction abort. This occurs because files with colliding...

Linux Distros Unpatched Vulnerability : CVE-2026-43360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: fix bulk flow accounting logic for host fairness In schcake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-40164)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40164 advisory. - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, j...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014272 advisory. jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 f...

Linux Distros Unpatched Vulnerability : CVE-2026-31503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-40164)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40164 advisory. - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, j...