
8706 matches found

IBM Security Bulletins
added 2026/02/10 2:45 p.m., 6 views

Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to Solr Core

Summary: IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-45217...

9.8 CVSS, 6.7 AI score, 0.9408 EPSS
Exploits 1, Affected Software 1

RedHat Linux
added 2026/02/10 2:6 a.m., 2 views

kernel: Kernel: Privilege escalation via uninitialized data in vmci transport packet

A flaw was found in the Linux kernel's vsock/vmci component. A local attacker with low privileges could exploit a vulnerability where the vmci_transport_packet structure is not properly cleared during initialization. This can lead to the use of uninitialized data, potentially allowing for informati...

7.8 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits 0, References 5

CNNVD
added 2026/02/10 12:0 a.m., 3 views

AMD Amd Epyc™ Embedded Processors and AMD EPYC 9005 Series Security Vulnerability

AMD Amd Epyc™ Embedded Processors and AMD EPYC 9005 Series are products of American semiconductor company AMD. The Amd Epyc™ Embedded Processors are embedded processors. The AMD EPYC 9005 Series is a series of processors. Both the AMD Amd Epyc™ Embedded Processors and the AMD EPYC 9005 Series hav...

5.9 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/10 12:0 a.m., 4 views

PT-2026-7451

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity...

1.8 CVSS, 5.5 AI score, 0.0002 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/02/10 12:0 a.m., 6 views

PT-2026-7289

Name of the Vulnerable Software and Affected Versions: VMware ESXi versions prior to 2.2.2.0 ESXi 8.0; VMware ESXi versions prior to 2.2.3.0 ESXi 9.0. Description: An improper initialization issue exists in some ESXi kernel mode driver for the Intel Ethernet 800-Series. This may allow an information...

3.3 CVSS, 5.3 AI score, 0.00018 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/10 12:0 a.m., 2 views

Intel Ethernet 800-Series Security Vulnerability

Intel Ethernet 800-Series is a series of network adapters developed by the American company Intel. Versions 2.2.2.0 esxi 8.0 and 2.2.3.0 esxi 9.0 of Intel Ethernet 800-Series contained security vulnerabilities due to improper initialization, which could lead to information leakage...

3.3 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/10 12:0 a.m., 1 views

AMD Multiple Products Security Vulnerability

AMD EPYC and others are products of American semiconductor company AMD. AMD EPYC is a high-performance server processor. Amd Epyc™ Embedded Processors are embedded processors. AMD EPYC Processors are a series of multi-core processors. Several AMD products have security vulnerabilities; these...

1.8 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/02/10 12:0 a.m., 5 views

AlmaLinux 8 : kernel-rt (ALSA-2026:2378)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2378 advisory. kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403); kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)...

7.8 CVSS, 7.9 AI score, 0.00208 EPSS
Exploits 0, References 10

RedHat Linux
added 2026/02/09 2:40 a.m., 1 views

kernel: Linux kernel: irqchip/gic-v2m use-after-free vulnerability

A flaw was found in the Linux kernel's irqchip/gic-v2m component. This vulnerability allows a use-after-free condition via gicv2m_get_fwnode() being wrongly marked as __init, causing it to be freed while still registered with the PCI (Peripheral Component Interconnect) subsystem during a PCI host bridge...

7.8 CVSS, 5.7 AI score, 0.00082 EPSS
Exploits 0, References 5

RedhatCVE
added 2026/02/08 1:21 a.m., 5 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8 CVSS, 5.4 AI score, 0.00023 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/07 7:31 p.m., 4 views

CVE-2026-23740

A flaw was found in Asterisk. When ast_coredumper writes its gdb init and output files to a world-writable directory, a local attacker with write permissions to that directory can exploit this vulnerability. By manipulating the gdb init file and output paths, the attacker can cause the system ...

7.8 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits 0, References 4

NVD
added 2026/02/06 11:15 p.m., 4 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8 CVSS, 0.00023 EPSS
Exploits 0, References 2

Vulnrichment
added 2026/02/06 10:52 p.m., 2 views

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8 CVSS, 5.5 AI score, 0.00023 EPSS
Exploits 0, References 2

Cvelist
added 2026/02/06 10:52 p.m., 23 views

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8 CVSS, 0.00023 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/02/06 10:52 p.m., 3 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8 CVSS, 5.5 AI score, 0.00023 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/02/06 6:10 p.m., 3 views

CVE-2025-69216 OpenSTAManager has an SQL Injection in Scadenzario Print Template

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database...

8.7 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 3, References 1

NVD
added 2026/02/06 5:16 p.m., 3 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable, for example /tmp, an attacker with write permission, which is a...

7.8 CVSS, 0.00016 EPSS
Exploits 0, References 1

Cvelist
added 2026/02/06 4:43 p.m., 26 views

CVE-2026-23740 Asterisk vulnerable to potential privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable, for example /tmp, an attacker with write permission, which is a...

0.00016 EPSS
Exploits 0, References 1

CVE
added 2026/02/06 4:43 p.m., 17 views

CVE-2026-23740

Asterisk contains a local privilege escalation flaw: if ast_coredumper writes gdb init/output to a world-writable directory (e.g., /tmp), a local attacker with write access to that directory can cause arbitrary commands to execute as root or overwrite files by manipulating the gdb init and output...

7.8 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2026/02/06 3:57 p.m., 3 views

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

8.8 CVSS, 6.4 AI score, 0.02889 EPSS
Exploits 7, References 2