Puppet Server/PuppetDB - Sensitive Information Disclosure

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge containerized 2020.05, 2019.08, 2019.0...

CVE-2026-48511

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fixed powerpmudisable to call clearpmiirqpending only if PMI is pending Running a selftest with CONFIGPPCIRQSOFTMASKDEBUG enabled in the kernel triggered the following warning: 172.851380 ------------ Cut here...

Astra Linux – Vulnerability in Chromium

Before version 94.0.4606.54, using the "after free" mechanism in Performance Manager in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable status which contains the unhandled overflow bits is not being properly masked in some cases, resulting in the following warning: WARNING: CPU: 156 PID: 475601 at...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the issue where the CPU got stuck due to printouts during reset. During reset, commands to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/pmu: Disabled support for adaptive PEBS. Support for virtualizing adaptive PEBS has been discontinued. This is because KVM’s implementation is architecturally broken without an obvious or easy way to address this issu...

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of performance APIs in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Do not request stats with a stats buffer of size “0”. Sachin reported 1 that on a POWER-10 lpar, he is encountering a kernel panic when the paprscm probe is called. The panic occurs as follows and is only observe...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, the ingress ACL is used for three features. It is created only when the vport metadata match and the prio tag is enabled. However, the active-backup lag mode also uses...

Astra Linux – Vulnerability in Linux

A flaw related to memory leaks in the Linux kernel’s performance monitoring subsystem was discovered due to the use of PERFEVENTIOCSETFILTER. A local user could exploit this flaw to deplete resources, resulting in a denial of service...

CVE-2026-46858

Vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager component: JADM, JVM Diagnostics. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2026-35278

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Performance Monitor. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2026-35279

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Performance Monitor. Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

PT-2026-49966

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager APM - Application Performance Management version 13.5 Oracle Enterprise Manager APM - Application Performance Management version 24.1 Description An issue exists in the JADM and JVM Diagnostics components of the APM -...

PT-2026-49852

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools version 8.61 PeopleSoft Enterprise PT PeopleTools version 8.62 Description An issue exists in the Performance Monitor component of Oracle PeopleSoft. This flaw allows an unauthenticated attacker with networ...

Fedora 43 : bind9-next (2026-ec095a4675)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ec095a4675 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...