619 matches found
SUSE SLES12 Security Update : opensc (SUSE-SU-2026:2678-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2678-1 advisory. This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses...
SUSE SLES15 Security Update : opensc (SUSE-SU-2026:2657-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2657-1 advisory. This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Fixed a race condition in QP timer handlers. The following warning was encountered: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 … libsha1 last unloaded:...
PT-2026-51949
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hisilicon/sec2 crypto component. Under heavy load during packet transmission, the hardware may complete packet processing and free the request memory...
CVE-2026-47386
CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Returns the firmware result upon destroying QP/RQ. Previously, when destroying a QP/RQ, the result of the firmware destruction function was ignored, and the upper layers were not informed of the failure. This could...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Fixed the “kernel NULL pointer dereference” error. When the rxequeueinit function in the rxeqpinitreq function fails, both qp-req.task.func and qp-req.task.arg are not initialized. Due to the failure in creating the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed an error in the unwind operation of rxecreateqp. In the function rxecreateqp, the rxeqpfrominit function is called to initialize the qp. Internally, things like the spin locks are not set up until rxeqpinitreq is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: Fixed a race condition related to port output. Assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows. 2. Two network namespaces: “server” and “client”. 3...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones. However, if rxeqpfrominit fails, the QP fields may be filled with garbage, causing the followi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Set the send and receive CQ pointers before forwarding them to the driver. Preset both receive and send CQ pointers prior to calling the drivers, and overwrite them again until the mlx4 is changed. Do not overwrite...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the issue of accessing an invalid dipctx during the destruction of QP. If the system fails to modify QP to RTR, the dipctx will not be attached. During the destruction of QP, the invalid dipctx pointer will be...
Inefficient Algorithmic Complexity
Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and...
CVE-2026-46265
A flaw was found in the Linux kernel's RDMA/hns component. When the sunrpc Sun Remote Procedure Call is in use and a reset is triggered, a workqueue dependency issue can occur during Queue Pair QP destruction. This can lead to a kernel warning related to memory reclaim, potentially causing system...
CVE-2026-46265 RDMA/hns: Fix WQ_MEM_RECLAIM warning
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQMEMRECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQMEMRECLAIM xprtiod:xprtrdmaconnectworker rpcrdma is flushing !WQMEMRECLAIM...
PT-2026-46028
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/hns component where a reset triggered while using sunrpc can lead to a WQ MEM RECLAIM warning. This occurs because the hns roce irq workq workqueue lacks the ...
CVE-2026-49323
Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...
RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
...
SUSE CVE-2026-46112
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...
SUSE CVE-2026-46144
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...