SUSE-SU-2026:21532-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

CVE-2026-33453

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP Constrained Application Protocol UDP User Datagram Protocol packet. The camel-coap component improperly processes URI query parameters,...

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...

SUSE-SU-2026:1698-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange bsc1258005. - CVE-2026-23004: dst: fix races in...

SUSE CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

SUSE CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

SUSE CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

SUSE CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...

SUSE CVE-2026-43037

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

SUSE CVE-2026-43057

In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6CSUM GSO fallback NETIFFIPV6CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software...

PT-2026-37626

Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

PT-2026-37637

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

PT-2026-38316

Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.0.0-next.0 through 19.2.24 Angular SSR versions 20.x through 20.3.24 Angular SSR versions 21.x through 21.2.8 Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6 Description An issue exists in the processing logic ...

RHCOS : OpenShift Container Platform 4.8.25 (RHSA-2021:5208)

The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5208 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters CVE-2021-39240 - haproxy: an HTTP...

RHCOS 4 : OpenShift Container Platform 4.10.3 (RHSA-2022:0055)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0055 advisory. - CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3577 - jenkins-2-plugins/git: stored XSS vulnerabilit...

PT-2026-38225

Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description An issue in the Response Header Handler component within the file '/cdemos/echs/api/v2/' allows for remote information disclosure. Recommendations Upgrade to version 5.7.1...

PicoTronica e-Clinic Healthcare System ECHS 信息泄露漏洞

PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains a vulnerability related to information leakage. This vulnerability stems from an unknown function...

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the absence or insecure use of the X-Content-Type-Options...