631 matches found
XWiki - HQL Injection
XWiki is vulnerable to Hibernate Query Language (HQL) injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...
Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: hibernate4 (UTSA-2026-016599)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016599 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...
Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...
Astra Linux - Vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Device probing is deferred when resuming from hibernation. The syzbot is reporting a hung task at the misc_open function. There is a race condition involving the probe_count variable, leading to a deadlock situation...
Astra Linux - Vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fixed the level3 translation fault in swsusp_save. On arm64 machines, swsusp_save fails if it attempts to access MEMBLOCK_NOMAP memory ranges. This issue can be reproduced in QEMU using UEFI when booting with...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvdimm: Fixed scenarios where firmware activation led to deadlocks. Lockdep reports the following deadlock scenarios for CXL root devices: - power-management, device_prepare, operations, and device_shutdown operations for...
Astra Linux - Vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup when i8042 actually enables it. The IRQ1 wakeup should be disabled only in cases where i8042 has actually enabled it. Otherwise, "wake_depth" for this IRQ will attempt to drop below...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass an error pointer to __sev_platform_shutdown_locked. When 9770b428b1a2 "crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown" moved the error messages so that they don't need to be issued by...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set. syzbot reported a deadlock in lock_system_sleep. The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of the ieee80211...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusp_arch_resume. A DABT is reported[1] on an Android-based system when resuming from hibernation. This occurs because swsusp_arch_suspend_exit is marked with SYMCODE, and it does not have a CFI hash. However,...
Astra Linux - Vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Memory allocation should be avoided in iommu_suspend. The iommu_suspend system call's suspend callback is invoked with IRQs disabled. Allocating memory using the GFP_KERNEL flag may re-enable IRQs during the suspend...
Astra Linux - Vulnerability in libhibernate3-java
A flaw was discovered in Hibernate-core in versions prior to and including 5.4.23.Final. An SQL injection occurs in the implementation of the JPA Criteria API; this allows unsanitized literals to be used in SQL comments within queries. This flaw could enable attackers to access unauthorized...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Treat the DPT BO as a framebuffer. Currently, i915_gem_object_is_framebuffer does not treat the BO containing the DPT as a framebuffer itself. This means that the shrinker can evict the DPT BO while leaving the actual F...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fixed a crash that occurred when freeing an invalid crypto compressor. When crypto_alloc_acomp fails, it returns an ERR_PTR value instead of NULL. The cleanup code in save_compressed_image and load_compressed_image...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
Hibernate ORM 5.6.15 SQL Injection
Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection - CVE-2026-0603 Hibernate SQL Injection PoC - https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...
Astra Linux - Vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thaw_noirq hook. The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.380810...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007496)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007496 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation. syzbot is reporting hung task ...
Security Bulletin: Remediation of Hibernate Vulnerability in IBM Library Support for Hibernate
Summary: Hibernate vulnerability has been addressed in IBM Library Support for Hibernate. Vulnerability Details: CVEID: CVE-2026-0603. DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially...