Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.12

Red Hat OpenShift Service Mesh 2.6.12 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

CVE-2026-22755 Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

CVE-2026-22755 Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The function tcpbpfsendverdict fails to allocate psock-cork when called, and skmsgfree must be called instead. The issue was reported by syzbot as follows: 0 The reproduction of the issue involves the following steps: 1...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to encounter a zero entry while traversing the vmas in unusemm, called from the swapoff path. Accessing this zero entry can result in an OOPS...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fixed a use-after-free race condition in the fault handler. When a page fault occurs in a secret memory file created with memfdsecret2, the kernel will allocate a new folio for it, mark the underlying page as not...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dm: A NULL pointer dereference occurred in dmsuspend. There is a race condition between the suspension of the dm device and the loading of data into the table, which can lead to a NULL pointer dereference. This issue occurs when...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed idx validation in i40evalidatequeuemap. Ensured that the idx value is within the range of active/initialized TC’s when iterating over vf-chidx in i40evalidatequeuemap...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: Do not repeatedly call pteoffsetmaplock until success. DAMON’s virtual address space operation implementation vaddr calls pteoffsetmaplock within the page table walk callback function. This is necessary for readin...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: correctly setting the Comp SoundWire port. For some reason, we end up setting the SoundWire port for HPHLCOMP and HPHRCOMP to zero. This could potentially lead to memory corruption due to accessing and...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs The failure of copytouser would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to a map leak. This issue is fixed by...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftobjref: validate objref and objrefmap expressions Referring to a synproxy stateful object from the OUTPUT hook causes the kernel to crash due to infinite recursive calls: BUG: The TASK stack guard page was accessed ...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Binder: Fix for double-free in dbitmap A process may fail to allocate a new bitmap when attempting to expand its proc-dmap. In such cases, dbitmapgrow fails and frees the old bitmap via dbitmapfree. However, the driver calls...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queueprioritymap A critical memory allocation bug was fixed in the edmasetupfromhw function, where queueprioritymap was allocated with insufficient memory. The code declared...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

PT-2026-2360

Name of the Vulnerable Software and Affected Versions CuteEditor for PHP now referred to as Rich Text Editor version 6.6 Description The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiti...

RHEL 8 : kernel (RHSA-2026:0444)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0444 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: rc: fix races with...

MiracleLinux 8 : grafana-9.2.10-26.el8_10 (AXSA:2025-11628:15)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11628:15 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...

K000159060: Linux kernel vulnerability CVE-2024-56615

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...