CVE-2026-34592

CVE-2026-34592 (Coolify) affects the Coolify server and project lookup functionality. Before 4.0.0-beta.471, lookups were not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying IDs directly. This constitutes an unauthe...

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ping: Fixed a potential NULL dereference for /proc/net/icmp. After committing the change dbca1596bbb0 “ping: Converted to RCU lookups, removed rwlock”, we use RCU for ping sockets. However, we should still use a spinlock for...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipc: fixed to protect IPCS lookups using RCU. syzbot reported that it discovered a use-after-free vulnerability, 0. 0: https://lore.kernel.org/all/[email protected]/ idrforeach is protected by rwsem, but...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mctp: Route lookups now perform under a RCU read-side lock. Our current route lookups mctproutelookup and mctproutelookupnull traverse the network’s route list without holding the RCU read lock. This means that the route lookups...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails, ksmbd sets conn-binding = true, but never clears this value during the error path. As a result, the connection remains in a binding state,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: Fixed the issue where clkcoreget could dereference a NULL value. It is possible for clkcoreget to dereference a NULL value in the following sequence: c clkcoreget ofclkgetHWFromClkspec ofclkgetHWFromProvider clkgetHW clkgetH...

Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not prevent uncontrolled recursion from self-referential lookups. This allowed an attacker with control over the Thread Context Map data to cause a denial of service when a crafted string was interpreted. This issue w...

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

USN-8349-2 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the fact that when the lookup function returns NULL, the assert function during debugging builds triggers a SIGABRT, or in release...

net: qrtr: ns: Limit the maximum number of lookups

...

SUSE CVE-2026-46026

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...

CVE-2026-45983

A flaw was found in the Linux kernel's Network File System version 4 NFSv4 daemon nfsd. When processing NFSv4 requests, delayed responses from idmap lookups can cause requests to be dropped. This issue prevents the session slot from being properly cleared, leading to subsequent client requests...

CVE-2026-46099

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

CVE-2026-46026

CVE-2026-46026 concerns a bound-check omission in the Linux kernel’s net: qrtr: ns path, allowing a local attacker to flood LOOKUP messages; fix clamps the global maximum lookups to 64. Affected component is the qrtr ns logic, with local-privilege abuse leading to potential denial or resource exh...

CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...

CVE-2026-46026

net: qrtr: ns: Limit the maximum number of lookups...