Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tee: Fixed the registershmhelper function. In registershmhelper, incorrect error handling was corrected for a call to ioviterextractpages. A case was missing for when ioviterextractpages only retrieves some pages and returns a...

Astra Linux - уязвимость в libssh

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

CVE-2026-0510

The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...

CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...

CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...

SAP NetWeaver 加密问题漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform primarily provides a development and runtime environment for SAP applications. SAP NetWeaver is vulnerable to a cryptographic issue that arises from the use of outdated encryption...

MiracleLinux 9 : tomcat-9.0.87-2.el9_5.1 (AXSA:2025-9840:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9840:01 advisory. tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption...

PT-2026-2559

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...

Hikvision Partial Access Control Series Products 安全漏洞

Hikvision Partial Access Control Series Products is a series of access control devices from Hikvision, a Chinese company. A security vulnerability exists in Hikvision Partial Access Control Series Products, which stems from a stack overflow in the device's search and discovery functionality, whic...

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.3 (AXSA:2025-9846:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9846:02 advisory. tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption...

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2025-66293: out-of-bounds read of the pngsRGBbase array when processing palette PNG images with partial transparency and gamma correction bsc1254480. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVE-2023-31028

NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service...

CVE-2021-2158

Vulnerability in the Hyperion Financial Management product of Oracle Hyperion component: Task Automation. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management...

CVE-2021-31156

Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data...

CVE-2025-23248

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service...

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure...

CVE-2019-2759

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...