Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the module loader failing to check the boundaries of the stshndx symbol, potentially leading to a...

Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

This module enables you to obfuscate email addresses in content. The module doesn't sufficiently sanitize user input via the Twig filter. This vulnerability is mitigated by the fact that it only affects sites using the ROT13 encoding and where an attacker can enter content that is filtered using...

PT-2026-34426

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The module loader fails to verify the bounds of the ELF section index within the simplify symbols function. A symbol containing an out-of-bounds st shndx value, such as those defined as...

kernel security update

6.12.0-124.52.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

📄 Dovecot doveadm Timing Attack / Credential Extraction

This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character. ==================================================================================================================================...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013427 advisory. A use-after-free flaw was found in the Linux kernel in logreplay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013757 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013445)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013445 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2TREECONNECT...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013808)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013808 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stac...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013828)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013828 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because componentmasterdel...

Linux Distros Unpatched Vulnerability : CVE-2026-31521

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i =...

RHEL 9 : kernel-rt (RHSA-2026:9512)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9512 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013593 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmtis: Add the missed acpiputtable to fix memory leak In checkacpitpm2, we get the TPM2 tab...

Oracle Linux 8 : kernel (ELSA-2026-9131)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9131 advisory. - dlm: prevent NPD when writing a positive value to eventdone Alexander Aring RHEL-136236 CVE-2025-23131 - scsi: qla2xxx: Fix improper freeing of purex...

RHEL 9 : kernel (RHSA-2026:9644)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9644 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel:A use-after-free ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013595 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs...

openSUSE 16 Security Update : clamav (openSUSE-SU-2026:20479-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20479-1 advisory. Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the commentable field in the API, which allows access to all commentable resources without permission checks. An attacker can retrieve sensitive information by sending unauthenticated requests to the /api...

CVE-2026-25525

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

CVE-2026-41193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...