OESA-2026-2127 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

GHSA-H2H4-5M64-M273 Apache ActiveMQ: Improper validation and restriction of a classpath path name

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

DEBIAN-CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

GSD-2022-1005165 apparmor: fix reference count leak in aa_pivotroot()

apparmor: fix reference count leak in aapivotroot This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

GSD-2022-1005159 mptcp: move subflow cleanup in mptcp_destroy_common()

mptcp: move subflow cleanup in mptcpdestroycommon This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

GSD-2022-1005155 bpf: Don't reinit map value in prealloc_lru_pop

bpf: Don't reinit map value in prealloclrupop This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

GSD-2022-1005129 ASoC: Intel: avs: Fix potential buffer overflow by snprintf()

ASoC: Intel: avs: Fix potential buffer overflow by snprintf This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

GSD-2022-1005111 drm/i915/ttm: don't leak the ccs state

drm/i915/ttm: don't leak the ccs state This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit b431cffb4883b9e90d48f0c408674c50fef428a...

GSD-2022-1005103 scsi: iscsi: Fix HW conn removal use after free

scsi: iscsi: Fix HW conn removal use after free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

GSD-2022-1005087 Revert "RDMA/rxe: Create duplicate mapping tables for FMRs"

Revert "RDMA/rxe: Create duplicate mapping tables for FMRs" This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

GSD-2022-1005065 venus: pm_helpers: Fix warning in OPP during probe

venus: pmhelpers: Fix warning in OPP during probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

PT-2022-33369 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the drm/i915/ttm component. The actual impact and attack plausibility have not yet been proven...

PT-2022-33420 · Apparmor · Apparmor

Name of the Vulnerable Software and Affected Versions: apparmor versions prior to v5.19.4 Description: A memory leak issue exists in the aa simple write to buffer function. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.19.4, update t...

PT-2022-33330 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to the ALSA timer and the use of a deferred fasync helper. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2022-33340 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue concerns the ext4 filesystem in the Linux Kernel, specifically with avoiding resizing to a partial cluster size. The actual impact and attack plausibility have not yet been proven...

PT-2022-33357 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to the gadgetfs ep io, where it waits until IRQ finishes. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

PT-2022-33423 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: A reference count leak was discovered in the aa pivotroot function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

PT-2022-33359 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to a potential buffer overflow in debugfs due to malformed user input. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...