1041 matches found
corosync security update
3.1.9-2.1 - Resolves: RHEL-163815 - Resolves: RHEL-163836 - totemsrp: Return error if sanity check fails fixes CVE-2026-35091 - totemsrp: Fix integer overflow in membjoinsanity fixes CVE-2026-35092...
GHSA-45M8-CPM2-3V65 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSION_POOL - backend/openwebui/socket/main.py lin...
PT-2026-39270
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Administrative role changes and user deletions do not invalidate the SESSION_POOL in-memory dictionary. When a user connects via Socket.IO, their role is snapshotted into this pool. Because the...
OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
Description A flaw was identified in the OpenSearch Security plugin's document-level security (DLS) implementation. DLS restrictions were not correctly applied to search queries that use has_parent or has_child join relations. This could allow an authenticated user to access document contents that...
GHSA-X83W-23JP-G6PW OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
Description A flaw was identified in the OpenSearch Security plugin's document-level security (DLS) implementation. DLS restrictions were not correctly applied to search queries that use has_parent or has_child join relations. This could allow an authenticated user to access document contents that...
PT-2026-41510
Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw exists in the OpenSearch Security plugin's document-level security (DLS) implementation. DLS restrictions are not correctly applied to search queries...
PT-2026-38621
Name of the Vulnerable Software and Affected Versions Note Mark versions 0.13.0 through 0.19.3 Description Authenticated users can upload assets to notes via the "/api/notes/noteID/assets" endpoint. The application stores the asset filename provided in the X-Name HTTP request header directly in t...
RHEL 9 : corosync (RHSA-2026:14211)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14211 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosyn...
RHEL 9 : corosync (RHSA-2026:14210)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14210 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosyn...
corosync: Corosync: Denial of Service via integer overflow in join message validation
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability...
Moderate: Red Hat Security Advisory: corosync security update
An update for corosync is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
Moderate: Red Hat Security Advisory: corosync security update
An update for corosync is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: corosync security update
An update for corosync is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...