MiracleLinux 8 : webkit2gtk3-2.52.4-1.el8_10.ML.1 (AXSA:2026-799:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-799:03 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted...

CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: PPC: Fixed the issue with the vcpuload leak in kvmarchvcpuioctl. The vcpuput function is not called if the user copy fails. This can lead to problems such as corruption of the preempt notifier and system crashes...

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iommusvaunbinddevice function’s access to released memory, potentially leading to crashes...

EUVD-2026-10801

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

CVE-2026-26309

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

Linux Kernel Security Vulnerabilities

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper closure of the IRQ working thread when removing devices, potentially leading to crashes...

Oracle Siebel CRM security vulnerabilities

Oracle Siebel CRM is a customer relationship management solution developed by Oracle Corporation in the United States. This solution includes modules for sales management, marketing management, customer service systems, and call centers. There were security vulnerabilities in the Siebel CRM...

Linux Distros Unpatched Vulnerability : CVE-2025-11731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the...

AZL-65124 CVE-2025-1735 affecting package php for versions less than 8.1.33-1

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

kernel: ext4: fix double-free of blocks due to wrong extents moved_len

A vulnerability was found in the Linux kernel. This issue occurs in the ext4 function, in ext4moveextents, where an error in updating the movedlen variable can lead to double-free of blocks and corrupt block accounting. This could lead to crashes or undefined behavior...

Oracle MySQL 安全漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A denial of service vulnerability exists in MySQL Server, which can be exploited by an attacker to cause an application to hang or crash frequently a...

GHSA-PGCQ-H79J-2F69 Incomplete validation of shapes in multiple TF ops

Impact Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are als...

PYSEC-2021-843

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

PYSEC-2021-811

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

DEBIAN-CVE-2021-32490

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filterbv via crafted djvu file may lead to application crash and other consequences...

Apache NuttX 输入验证错误漏洞

Apache NuttX is a real-time embedded operating system from the Apache Foundation USA. Apache NuttX suffers from an input validation error vulnerability that stems from the fact that incorrect memory allocation could lead to arbitrary memory allocation, which could result in unexpected behavior su...

httpd: mod_http2 concurrent pool usage

A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...

Buffer overflow vulnerability in multiple Mozilla products (CNVD-2020-03240)

Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application...