Advisory ROSA-SA-2026-3295

Component: kernel-ml 5.15.208 OS: rosa-server79 Unaffected versions: = kernel-ml-5.15.208-1.0.1.res7 Affected versions: kernel-ml-5.15.208-1.0.1.res7 CVE-ID: CVE-2026-46300 BDU-ID: None CVE-Crit: Not available CVE-DESCRIPTION: A vulnerability in the XFRM ESP-in-TCP subsystem of Linux kernels. A...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

Exploit for Write-what-where Condition in Linux Linux_Kernel

CVE-2026-43284 — 4-byte XFRM/ESP Proof-of-c...

Security update for xen

This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...

SUSE-SU-2026:2066-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

Squid: Squid: Denial of Service via crafted ICP traffic

A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...

squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...

dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion

A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially...

freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...

FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A memory corruption vulnerability exists in the persistent cache handling. If a memory reallocation fails, an internal size variable is incorrectly updated, while the data pointer still refers to the original,...

Squid: Squid: Denial of Service via crafted ICP traffic

A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...

squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...

Squid: Squid: Denial of Service via crafted ICP traffic

A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...

squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...

freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linu...

Mirasvit Full Page Cache Warmer for Magento 2 代码问题漏洞

Mirasvit Full Page Cache Warmer for Magento 2 is a caching preheating extension developed by the American company Mirasvit for Magento 2. Versions prior to 1.11.12 of Mirasvit Full Page Cache Warmer for Magento 2 contained a code vulnerability. This vulnerability stemmed from the lack of...

Joomla! CMS 安全漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. There is a security vulnerability in Joomla! CMS, which stems from the InputFilter::getInstance method omitting secure-sensitive parameters from the instance cache key...