25567 matches found
RHSA-2026:36049 Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2026:36018 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images
Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
Important: Red Hat Security Advisory: OpenShift Virtualization v4.13 Images
Red Hat OpenShift Virtualization release v4.13 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images
Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
RLSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
RLSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
PT-2026-56151
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...
ALSA-2026:36049 Important: kernel-rt security, bug fix, and enhancement update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline...
PT-2026-56158
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
PT-2026-56159
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
xwayland -- Multiple vulnerabilities
X.Org project reports: Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.24 and xwayland-24.1.13...
xorg-server -- Multiple vulnerabilities
X.Org project reports: Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.24 and xwayland-24.1.13...
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...
Important: Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update
An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ROOT-OS-DEBIAN-12-CVE-2026-32741 CVE-2026-32741 in rootio-libheif - Patched by Root
Root has patched CVE-2026-32741 in the rootio-libheif package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-41069 CVE-2026-41069 in rootio-libheif - Patched by Root
Root has patched CVE-2026-41069 in the rootio-libheif package for Root:Debian:12. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44488 CVE-2026-44488 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44488 in the @rootio/axios package for Root:npm. Multiple fixed versions available...