26 matches found

GithubExploit
added 2026/05/25 1:2 a.m. | 76 views

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

CVSS 9.2 | AI score 6.1 | EPSS 0.00288
Exploits: 35
OSV
added 2026/05/15 8:49 a.m. | 7 views

CLSA-2026-1778834936 postfix: Fix of CVE-2023-51764

CVE-2023-51764: fix SMTP smuggling backport of 2.11.11-smuggling-patch...

CVSS 5.3 | AI score 6 | EPSS 0.2846
Exploits: 4 | References: 1
Oracle linux
added 2026/05/06 12:0 a.m. | 8 views

libsoup security update

2.62.3-14 - Backport patch for CVE-2026-5119 - Run testsuite during RPM check phase...

CVSS 8.2 | AI score 5.8 | EPSS 0.00016
Exploits: 1
OSV
added 2026/04/29 7:10 a.m. | 3 views

CLSA-2026-1777446601 Fix CVE(s): CVE-2020-13935

SECURITY UPDATE: denial of service via crafted WebSocket frame with a 64-bit payload length whose most significant bit is set. The extended payload length read in WsFrameBase.processRemainingHeader was assembled into a Java long without validation. With bit 63 set the value became negative, which...

CVSS 7.5 | AI score 6.8 | EPSS 0.92155
Exploits: 1 | References: 1
OSV
added 2026/01/29 3:0 p.m. | 1 views

GHSA-83FC-FQCC-2HMG React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

CVSS 7.5 | AI score 6 | EPSS 0.0198
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/25 12:0 a.m. | 5 views

Fedora 43 : mingw-harfbuzz (2026-dc77eb63ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dc77eb63ae advisory. Backport patch for CVE-2026-22693. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.3 | AI score 5.6 | EPSS 0.00044
Exploits: 1 | References: 2
Oracle linux
added 2026/01/12 12:0 a.m. | 6 views

libsoup security update

2.62.3-11 - Backport patch for CVE-2025-14523...

CVSS 8.2 | AI score 7 | EPSS 0.00024
Exploits: 0
Tenable Nessus
added 2026/01/12 12:0 a.m. | 3 views

Oracle Linux 9 : libsoup (ELSA-2026-0422)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0422 advisory. - Fix patch for CVE-2025-14523 to handle comparison case-insensitively - Backport patch for CVE-2025-14523 Tenable has extracted the preceding description block...

CVSS 8.2 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 2
Vivaldi Security Advisories
added 2025/05/15 12:2 p.m. | 6 views

Minor update(6) for Vivaldi Android Browser 7.2

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the fifth 7.2 stable, minor update: Backported upstream...

CVSS 9.6 | AI score 5.8 | EPSS 0.00142
Exploits: 3 | References: 1
SUSE CVE
added 2025/01/20 3:48 a.m. | 5 views

SUSE CVE-2024-57924

In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem encode_fh method that may fail for various reasons. The legacy users of exportfs_encode_fh, namely, nfsd and...

CVSS 5.5 | AI score 7.7 | EPSS 0.00012
Exploits: 0 | References: 16
OSV
added 2024/05/23 7:15 a.m. | 0 views

DEBIAN-CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect return type void. Nothing is using the returned value but it is ugly to return a...

CVSS 6.8 | AI score 5.5 | EPSS 0.00084
Exploits: 0 | References: 1
Amazon
added 2024/01/09 12:0 a.m. | 3 views

Important: kernel

Issue Overview: A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel...

CVSS 7.8 | AI score 4.4 | EPSS 0.00084
Exploits: 0
Oracle linux
added 2023/12/18 12:0 a.m. | 432 views

openssl security update

1:1.1.1k-12 - Backport implicit rejection mechanism for RSA PKCS1 v1.5 to RHEL-8 series a proper fix for CVE-2020-25659 Resolves: RHEL-17696 1:1.1.1k-11 - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolve...

CVSS 5.9 | AI score 7.3 | EPSS 0.0076
Exploits: 0
Prion
added 2023/03/06 11:15 p.m. | 33 views

Design/Logic Flaw

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

CVSS 5 | AI score 6.9 | EPSS 0.00727
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2022/09/16 8:10 p.m. | 3 views

CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input orig_input_tensor_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

CVSS 7.5 | AI score 7 | EPSS 0.00064
Exploits: 0
OSV
added 2021/11/05 11:15 p.m. | 1 views

PYSEC-2021-835

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...

CVSS 7.8 | AI score 7.2 | EPSS 0.0004
Exploits: 1 | References: 2
OSV
added 2021/08/12 11:15 p.m. | 1 views

PYSEC-2021-292

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input...

CVSS 5.5 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 2
PyPA
added 2021/08/12 11:15 p.m. | 5 views

PYSEC-2021-604

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

CVSS 5.5 | AI score 7 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
PyPA
added 2021/08/12 10:15 p.m. | 4 views

PYSEC-2021-311

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

CVSS 7.8 | AI score 6.9 | EPSS 0.00013
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2021/08/12 10:15 p.m. | 3 views

PYSEC-2021-310

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...

CVSS 7.8 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 2