XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: hibernate4 (UTSA-2026-016599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016599 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Device probing is deferred when resuming from hibernation. The syzbot is reporting a hung task at the miscopen function. There is a race condition involving the probecount variable, leading to a deadlock situation...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: PM: hibernate: Avoid deadlock in hibernatecompressorparamset syzbot reported a deadlock in locksystemsleep. The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of the ieee80211...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup when i8042 actually enables it. The IRQ1 wakeup should be disabled only in cases where i8042 has actually enabled it. Otherwise, “wakedepth” for this IRQ will attempt to drop below...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Always pass an error pointer to sevplatformshutdownlocked When 9770b428b1a2 “crypto: ccp – Move devinfo/err messages for SEV/SNP init and shutdown” moved the error messages so that they don’t need to be issued by...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fixed a crash that occurred when freeing an invalid crypto compressor. When cryptoallocacomp fails, it returns an ERRPTR value instead of NULL. The cleanup code in savecompressedimage and loadcompressedimage...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

📄 Hibernate ORM 5.6.15 SQL Injection

Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fixed the level3 translation fault in swsuspsave On arm64 machines, swsuspsave fails if it attempts to access MEMBLOCKNOMAP memory ranges. This issue can be reproduced in QEMU using UEFI when booting with...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thawnoirq hook The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.380810...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix firmware activation deadlock scenarios Lockdep reports the following deadlock scenarios for CXL root device power-management, deviceprepare, operations, and deviceshutdown operations for 'ndregion' devices: Chain exis...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusparchresume A DABT is reported1 on an android based system when resume from hiberate. This happens because swsusparchsuspendexit is marked with SYMCODE and does not have a CFI hash, but swsusparchresume...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Memory allocation should be avoided in iommususpend. The iommususpend system call’s suspend callback is invoked with IRQs disabled. allocating memory using the GFPKERNEL flag may re-enable IRQs during the suspend...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Treat the DPT BO as a framebuffer Currently i915gemobjectisframebuffer doesn't treat the BO containing the framebuffer's DPT as a framebuffer itself. This means eg. that the shrinker can evict the DPT BO while leavi...

Astra Linux - уязвимость в libhibernate3-java

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007496 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task ...

Security Bulletin: Remediation of Hibernate Vulnerability in IBM Library Support for Hibernate

Summary Hibernate Vulnerability has been addressed in IBM Library Support for Hibernate Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially...