XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: PM: hibernate: deferring device probing when resuming from hibernation syzbot is reporting a hung task at miscopen, due to a race condition involving the probecount variable. Currently, waitfordeviceprobe from snapshotopen and...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup when i8042 actually enables it. The IRQ1 wakeup should be disabled only in cases where i8042 has actually enabled it. Otherwise, “wakedepth” for this IRQ will attempt to drop below...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernatecompressorparamset syzbot reported a deadlock in locksystemsleep see below. The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee802...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusparchresume A DABT was reported1 on an Android-based system when resuming from hibernation. This occurs because swsusparchsuspendexit is marked with SYMCODE, and it does not have a CFI hash. However,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fixed a crash that occurred when freeing an invalid crypto compressor. When cryptoallocacomp fails, it returns an ERRPTR value instead of NULL. The cleanup code in savecompressedimage and loadcompressedimage...

Astra Linux – Vulnerability in libhibernate3-java

A flaw was discovered in Hibernate-core in versions prior to and including 5.4.23.Final. An SQL injection occurs in the implementation of the JPA Criteria API; this allows unsanitized literals to be used in SQL comments within queries. This flaw could enable attackers to access unauthorized...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nvdimm: Fixed scenarios where firmware activation led to deadlocks. Lockdep reports the following deadlock scenarios for CXL root devices: - power-management, deviceprepare, operations, and deviceshutdown operations for...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Always pass an error pointer to sevplatformshutdownlocked When 9770b428b1a2 “crypto: ccp – Move devinfo/err messages for SEV/SNP init and shutdown” moved the error messages so that they don’t need to be issued by...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Treat the DPT BO as a framebuffer. Currently, i915gemobjectisframebuffer does not treat the BO containing the DPT as a framebuffer itself. This means that the shrinker can evict the DPT BO while leaving the actual F...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommususpend. The iommususpend system call’s suspend callback is invoked with IRQs disabled.allocating memory with the GFPKERNEL flag may re-enable IRQs during the suspend callback, which ca...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: hibernate4 (UTSA-2026-016599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016599 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thawnoirq hook The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.380810...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

📄 Hibernate ORM 5.6.15 SQL Injection

Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007496 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task ...

Security Bulletin: Remediation of Hibernate Vulnerability in IBM Library Support for Hibernate

Summary Hibernate Vulnerability has been addressed in IBM Library Support for Hibernate Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially...