Important: Red Hat Security Advisory: Red Hat Openshift Mirror Registry v2.0.11

Red Hat Openshift Mirror Registry v2.0.11 Openshift Mirror Registry v2.0.11...

CVE-2026-11745

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

EUVD-2026-38206

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

CVE-2026-11745

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

CVE-2026-11745

The CVE-2026-11745 vulnerability affects centraldogma-server-mirror-git versions prior to 0.84.0. The Git mirror SSH client does not verify remote host keys for git+ssh:// connections, enabling an on-path attacker to perform man-in-the-middle attacks and potentially compromise mirrored repositori...

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. The flatpak-builder command applies the finish-args option last in the build process. At this point, the build directory will have full acce...

CVE-2026-11522

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-46280

A flaw was found in the Linux kernel's Heterogeneous Memory Management HMM test module. When a device mirror dmirror structure is freed, its associated device private pages are not properly migrated back to system memory. This can lead to a use-after-free condition where a dangling pointer to the...

EUVD-2026-35077

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-11522

CVE-2026-11522 describes a stack-based buffer overflow in the Tenda W20E firmware version 15.11.0.6, specifically in the formSetPortMirror function exposed via /goform/setPortMirror. By manipulating the portMirrorMirroredPorts argument, an attacker can trigger the overflow remotely. This vulnerab...

PT-2026-47307

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

Tenda W20E 缓冲区错误漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a buffer overflow vulnerability. This vulnerability stems from the operation of the formSetPortMirror function in the goform/setPortMirror file, specifically regarding the parameter...

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

EUVD-2026-34303

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

com.infobip.kafkistry:kafkistry-app (>=0.7.0 <=0.10.0), com.infobip.kafkistry:kafkistry-auditing (>=0.7.0 <=0.10.0) +19 more potentially affected by CVE-2026-48827 via org.apache.sshd:sshd-git (>=2.10.0 <=2.17.1)

org.apache.sshd:sshd-git MAVEN version =2.10.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.62.0, =2.25.0, =1.1.0, =1.1.1 and more Source cves: CVE-2026-48827 Source advisory: SNYK:JAVA-ORGAPACHESSHD-17151844...