Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)

"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

SUSE-SU-2026:1581-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.2 bsc1255111. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile:...

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

CVE-2026-31533

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption The -EBUSY handling in tlsdoencryption, introduced by commit 859054147318 "net: tls: handle backlogging of crypto requests", has a use-after-free due to double...

USN-8180-4 linux-azure-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8180-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8179-3: Linux kernel vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

Linux Distros Unpatched Vulnerability : CVE-2026-31533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption The -EBUSY handling in...

PT-2026-34679

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the net/tls component. When the crypto aead encrypt function returns -EBUSY, a request is enqueued to the cryptd backlog. If the tls encrypt async wait...

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch during the TLS handshake. When Spring Boot is configured to connect to Elasticsearch using an SSL bundle, the auto-configuration fails to verify that the hostname in the server's SSL...

Oracle WebCenter Sites (April 2026 CPU)

The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Sites installed on the remote host are affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Thick Client Apache Log4j. Supported...

free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer

Summary The HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switch statement. When a request arrives with an unsupported Content-Type, the deserialization step is silently skipped, err remains nil, and the processor is invoked...

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +89 more potentially affected by CVE-2026-41690 via i18next-http-middleware (>=3.0.2 <=3.9.2)

i18next-http-middleware NPM version =3.0.2, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.0, =0.0.1, =0.0.229 and more Source cves: CVE-2026-41690 Source advisory: SNYK:JS-I18NEXTHTTPMIDDLEWARE-16415526...

Important: Red Hat Security Advisory: Insights proxy Container Image

Initial GA Release of Red Hat Insights proxy The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes al...