Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: s390/cpumsf: Handling of CPU hotplug removal during sampling. The handling of CPU hotplug removal triggers the following function calls: CPUHP_AP_PERF_S390_SF_ONLINE -- s390_pmu_sf_offline_cpu ... CPUHP_AP_PERF_ONLINE -- perf_event_exit_cpu The...
Astra Linux – Vulnerability in python-tornado
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: riscv: prevents corruption of pt_regs for secondary idle threads. The top of the kernel thread stack should be reserved for pt_regs. However, this is not the case for the idle threads of the secondary boot harts. Their stacks...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: A race condition between handle_posix_cpu_timers and posix_cpu_timer_del has been fixed. If a task that exits without autoreaping has already called exit_notify and calls handle_posix_cpu_timers from the IRQ, it can be...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ARM: 9381/1: kasan: cleared stale stack poison We have identified the following OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ice: arfs: fixed a use-after-free when freeing @rx_cpu_rmap. The CI testing bots triggered the following error message: 718.203054 BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80 718.206349 Read of size 4 at addr...
Astra Linux – Vulnerability in python-urllib3
urllib3 is a user-friendly HTTP client library for Python. Starting from version 1.24 and before 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert virtually an unlimited number of compression steps. This led to high CPU usage and massive...
RHCOS 4 : OpenShift Container Platform 4.20.16 (RHSA-2026:3851)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3851 advisory. - golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 Note that Nessus has not tested fo...
SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032:...
Security Bulletin: IBM i is affected by BIND being too lenient accepting records with forged data and consuming excessive CPU when a resolver is performing DNSSEC validation [CVE-2025-40778, CVE-2026-1519].
Summary Domain Name System for IBM i is vulnerable to BIND being too lenient when accepting records from answers allowing an attack to inject forged data into cache CVE-2025-40778, and consuming excessive CPU when a resolver is performing DNSSEC validation and encounters a maliciously crafted zon...
CVE-2026-31734
A flaw was found in the Linux kernel's sched_ext component. An incorrect check for migration-disabled tasks on systems without CONFIG_PREEMPT_RCU enabled could lead to a task being dispatched to a remote CPU. This can trigger an scx_error in task_can_run_on_remote_rq, resulting in a Denial of Service...
CVE-2026-31697
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was due to an invalid...
EUVD-2026-26547
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled false negative on non-PREEMPT_RCU. Since commit 8e4f0b1ebcf2 "bpf: use rcu_read_lock_dont_migrate for trampoline.c", the BPF prolog __bpf_prog_enter calls migrate_disable only when CONFIG_PREEMPT_RCU is...
GHSA-RCH3-82JR-F9W9 vulnerabilities
Vulnerabilities for packages: jupyter-base-notebook, tensorflow-cpu-jupyter, datahub-ingestion, tensorflow-gpu-jupyter, datahub-ingestion-fips...
CVE-2026-40171 vulnerabilities
Vulnerabilities for packages: jupyter-base-notebook, tensorflow-cpu-jupyter, datahub-ingestion, tensorflow-gpu-jupyter, datahub-ingestion-fips...
CPU exhaustion during message encoding due to O(n²) name compression
During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...
CVE-2026-42482
Hashcat CVE-2026-42482 affects v7.1.2, describing a stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c. The bound check does not account for 2x expansion when converting password bytes to hexadecimal, enabling a vulnerability that could allow denial of ...
hashcat buffer error vulnerability
Hashcat is a high-performance password recovery and cracking tool developed by Hashcat developers. Version 7.1.2 of Hashcat contains a buffer overflow vulnerability. This vulnerability stems from the mangle_to_hex_lower and mangle_to_hex_upper functions in src/rp_cpu.c, where stack-based buffer overflow...
PT-2026-36369
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the sched_ext component where the is_bpf_migration_disabled function produces a false negative on systems where CONFIG_PREEMPT_RCU is disabled. This occurs because the...
openjdk: Improved Arena allocations (Oracle CPU 2026-04)
Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...