341 matches found
CVE-2026-2254
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...
GHSA-8G87-J6Q8-G93X Mistune Math Plugin has an XSS Escape Bypass
Summary The mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is explicitly created with escape=True, which is supposed to guarantee that all...
EUVD-2026-23727
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
SUSE CVE-2025-68803
In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001760)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001760 advisory. A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch...
CVE-2025-68803
In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414321)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414321 advisory. A use-after-free flaw was found in the Linux kernels Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This...
kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station
A vulnerability was found in the Linux kernel in wifi driver in cfg80211getstation function, where the wiphy was not locked before calling rdevgetstation, which lead to a NULL pointer dereference when a station disconnects and reconnects during a work queue operation, resulting in a kernel panic...
CVE-2024-23847
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
CVE-2024-31142
Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
ALPINE-CVE-2024-31142
Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
SUSE CVE-2024-31142
Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
kernel: ovl: fix use after free in struct ovl_aio_req
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...
kernel: ovl: fix use after free in struct ovl_aio_req
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...
Eventlet Security Vulnerabilities
Eventlet is a concurrent networking library for Python. There is a security vulnerability in python-eventlet that stems from a regression introduced in the Red Hat build version that resulted in patches not being applied to all versions of all products...
kernel: use-after-free due to race condition in qdisc_graft()
A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet then kernel could be affected.
...
AZL-25740 CVE-2023-1249 affecting package kernel for versions less than 5.15.107.1-2
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 "coredump: Use the vma snapshot in fillfilesnote" not applied yet, then kernel could be affected...
UBUNTU-CVE-2023-1249
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 "coredump: Use the vma snapshot in fillfilesnote" not applied yet, then kernel could be affected...
CLSA-2022-1659644194 Update of tzdata
Fix contents of several patches that ended up not being applied...