9204 matches found
kernel security update
4.18.0-553.120.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013289)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013289 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix warning in tracebufferedeventdisable Warning happened in tracebufferedeventdisable a...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...
CVE-2026-32613
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
CVE-2026-32604
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...
CVE-2026-32613
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
CVE-2026-32613
Spinnaker is affected by a security issue in its use of Spring Expression Language (SPeL) where, in versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, the SPeL context was not restricted to trusted classes, allowing FULL JVM access. This enables a user to invoke arbitrary Java classes,...
CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
CVE-2026-32604 Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...
Directory Traversal
Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...
PT-2026-33842
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.1 Spinnaker versions prior to 2025.4.2 Spinnaker versions prior to 2025.3.2 Description An issue in the clouddriver pods allows a bad actor to execute arbitrary commands...
PT-2026-33843
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.1 Spinnaker versions prior to 2025.4.2 Spinnaker versions prior to 2025.3.2 Description Echo uses SPeL Spring Expression Language, a powerful expression language for the...
Oracle Linux 8 : nodejs:20 (ELSA-2026-8339)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8339 advisory. - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904...
CVE-2026-40490
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
SUSE CVE-2026-40170
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...
CVE-2026-32650
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...
CVE-2026-32650
The CVE-2026-32650 entry applies to Anviz CrossChex Standard. The description states that an attacker can manipulate the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. This highlights a credential exposure risk ...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007299)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007299 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv-statelock, a...