
557 matches found

Cvelist
added 5 days ago, 25 views

CVE-2026-53002 netfilter: conntrack: remove sprintf usage

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usage. Replace it with scnprintf; the buffer sizes are expected to be large enough to hold the result, no need for snprintf+overflow check. Increase buffer size in mangle_content_len while at it...

CVSS 9.8, EPSS 0.00521
Exploits: 0, References: 8
CVE
added 5 days ago, 14 views

CVE-2026-53002

The CVE-2026-53002 entry documents a vulnerability in the Linux kernel's netfilter/conntrack code. Root cause: use of sprintf with inadequate buffer handling in mangle_content_len(), leading to a potential stack-out-of-bounds write (KASAN). The fix replaces sprintf with scnprintf and increases th...

CVSS 9.8, AI score 5.9, EPSS 0.00521
Exploits: 0, References: 8
Positive Technologies
added 2026/06/14 12:0 a.m., 9 views

PT-2026-49113

Name of the Vulnerable Software and Affected Versions: VS Revo RevoUninstaller versions 2.5.x through 2.6.x. Description: A heap-based buffer overflow exists in the IOCtl Handler function within the RevoDetector.sys library of the IOCTL Handler component. This issue requires local access to be...

CVSS 8.5, AI score 7.6, EPSS 0.00142
Exploits: 0, References: 13
OSV
added 2026/06/05 12:4 p.m., 7 views

RLSA-2026:22528 Moderate: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020). For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

CVSS 5.3, AI score 5.5, EPSS 0.04409
Exploits: 1, References: 2
Rockylinux
added 2026/06/05 12:3 p.m., 13 views

mod_http2 security update

An update is available for mod_http2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of...

CVSS 7.5, AI score 6.8, EPSS 0.04409
Exploits: 1
OSV
added 2026/06/05 12:3 p.m., 9 views

RLSA-2026:22551 Moderate: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020). For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

CVSS 5.3, AI score 6.8, EPSS 0.04409
Exploits: 1, References: 2
Tenable Nessus
added 2026/06/03 12:0 a.m., 19 views

AlmaLinux 10 : mod_http2 (ALSA-2026:22528)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22528 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020). Tenable has extracted the preceding description block directly from the AlmaLinux securit...

CVSS 7.5, AI score 6.9, EPSS 0.04409
Exploits: 1, References: 3
Tenable Nessus
added 2026/06/02 12:0 a.m., 14 views

Oracle Linux 8 : httpd:2.4 (ELSA-2026-22140)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22140 advisory. - Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) mod_md. Tenable has extracted the preceding...

CVSS 9.8, AI score 5.9, EPSS 0.04409
Exploits: 1, References: 7
NVD
added 2026/05/27 2:17 p.m., 11 views

CVE-2026-45952

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes. Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...

CVSS 5.5, EPSS 0.00126
Exploits: 0, References: 3
Positive Technologies
added 2026/05/24 12:0 a.m., 13 views

PT-2026-42954

Name of the Vulnerable Software and Affected Versions: Edimax EW-7438RPn version 1.31. Description: A stack-based buffer overflow occurs in the formLicence function within the '/goform/formLicence' endpoint. This issue is triggered by the manipulation of the submit-url argument and can be initiated...

CVSS 9, AI score 7.5, EPSS 0.00589
Exploits: 0, References: 5
OSV
added 2026/05/07 3:34 a.m., 4 views

GHSA-VXVC-CG7J-RWQJ gittuf's policy can be rolled back to prior valid versions

Summary: An attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys. Impact: gittuf determines the policy to load by inspecting the RSL. Except for the very first policy, which is automatically...

CVSS 6, AI score 5.7, EPSS 0.00198
Exploits: 0, References: 4
Oracle linux
added 2026/05/05 12:0 a.m., 18 views

osbuild-composer security update

149-6.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...

CVSS 7.5, AI score 7.1, EPSS 0.01127
Exploits: 0
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fixed the timeout for enabling the video signal. The ASTDP transmitter sometimes takes up to 1 second to enable the video signal, while the timeout is only 200 msec. This results in a kernel error message. The...

CVSS 5.5, AI score 5.5, EPSS 0.00159
Exploits: 0, References: 2
Oracle linux
added 2026/04/21 12:0 a.m., 13 views

osbuild-composer security update

149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming...

CVSS 7.5, AI score 7.3, EPSS 0.0052
Exploits: 0
CNNVD
added 2026/04/07 12:0 a.m., 5 views

Apache Cassandra security vulnerability

Apache Cassandra is a distributed NoSQL database developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Cassandra versions 4.0, 4.1, and 5.0. These vulnerabilities allow authenticated users to increase query latency by repeatedly changing passwords,...

CVSS 6.5, AI score 6.6, EPSS 0.00533
Exploits: 0, References: 2
Github Security Blog
added 2026/03/26 4:0 p.m., 12 views

A year of open source vulnerability trends: CVEs, advisories, and malware

GitHub published 4,101 reviewed advisories in 2025. This is the fewest reviewed advisories since 2021. Does this mean open source is shipping more secure code? Let's dig into the data to find out. GitHub reviewed advisories: Fewer advisories reviewed doesn't mean fewer vulnerabilities we...

AI score 5.6
Exploits: 0
OSV
added 2026/03/20 11:45 a.m., 3 views

CLSA-2026-1774007111 Fix CVE(s): CVE-2026-27798

SECURITY UPDATE: heap buffer over-read with wavelet-denoise operator - debian/patches/CVE-2026-27798.patch: use 4*columns instead of 3*columns for resource and memory allocation in WaveletDenoiseImage to prevent over-read when processing small-dimension images - CVE-2026-27798...

CVSS 7.1, AI score 7.3, EPSS 0.00137
Exploits: 0, References: 1
Positive Technologies
added 2026/03/08 12:0 a.m., 6 views

PT-2026-23979

Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408. Description: A stack-based buffer overflow exists in the fromP2pListFilter function of the /goform/P2pListFilter file. The issue is triggered by manipulating the page argument and can be exploited remotely. The...

CVSS 9, AI score 7.6, EPSS 0.00667
Exploits: 1, References: 7
Positive Technologies
added 2026/03/07 12:0 a.m., 8 views

PT-2026-23858

Name of the Vulnerable Software and Affected Versions: Wavlink NU516U1 version 251208. Description: A flaw exists in the Wavlink NU516U1 device, specifically within the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument in this file can lead to an out-of-bounds write condition, potentially...

CVSS 10, AI score 7.5, EPSS 0.00817
Exploits: 1, References: 19
Oracle linux
added 2026/03/05 12:0 a.m., 15 views

osbuild-composer security update

149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...

CVSS 10, AI score 5.9, EPSS 0.01127
Exploits: 4