Lucene search

18 matches found

GithubExploit
added 2026/05/25 1:2 a.m. | 78 views

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

CVSS 9.2 | AI score 6.1 | EPSS 0.00418
Exploits: 37

Oracle linux
added 2026/05/06 12:0 a.m. | 8 views

libsoup security update

2.62.3-14 - Backport patch for CVE-2026-5119 - Run testsuite during RPM check phase...

CVSS 8.2 | AI score 5.8 | EPSS 0.00016
Exploits: 1

OSV
added 2026/04/29 7:10 a.m. | 3 views

CLSA-2026-1777446601 Fix CVE(s): CVE-2020-13935

SECURITY UPDATE: denial of service via crafted WebSocket frame with a 64-bit payload length whose most significant bit is set. The extended payload length read in WsFrameBase.processRemainingHeader was assembled into a Java long without validation. With bit 63 set the value became negative, which...

CVSS 7.5 | AI score 6.8 | EPSS 0.92155
Exploits: 1 | References: 1

OSV
added 2026/01/29 3:0 p.m. | 4 views

GHSA-83FC-FQCC-2HMG React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

CVSS 7.5 | AI score 6 | EPSS 0.0198
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/25 12:0 a.m. | 5 views

Fedora 43 : mingw-harfbuzz (2026-dc77eb63ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dc77eb63ae advisory. Backport patch for CVE-2026-22693. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.3 | AI score 5.6 | EPSS 0.00044
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/12 12:0 a.m. | 3 views

Oracle Linux 9 : libsoup (ELSA-2026-0422)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0422 advisory. - Fix patch for CVE-2025-14523 to handle comparison case-insensitively - Backport patch for CVE-2025-14523 Tenable has extracted the preceding description block...

CVSS 8.2 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 2

Oracle linux
added 2026/01/12 12:0 a.m. | 6 views

libsoup security update

2.62.3-11 - Backport patch for CVE-2025-14523...

CVSS 8.2 | AI score 7 | EPSS 0.00024
Exploits: 0

Vivaldi Security Advisories
added 2025/05/15 12:2 p.m. | 6 views

Minor update(6) for Vivaldi Android Browser 7.2

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the fifth 7.2 stable, minor update: Backported upstream...

CVSS 9.6 | AI score 5.8 | EPSS 0.00142
Exploits: 3 | References: 1

Amazon
added 2024/01/09 12:0 a.m. | 5 views

Important: kernel

Issue Overview: A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel...

CVSS 7.8 | AI score 4.4 | EPSS 0.00084
Exploits: 0

Oracle linux
added 2023/12/18 12:0 a.m. | 433 views

openssl security update

1:1.1.1k-12 - Backport implicit rejection mechanism for RSA PKCS1 v1.5 to RHEL-8 series a proper fix for CVE-2020-25659 Resolves: RHEL-17696 1:1.1.1k-11 - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolve...

CVSS 5.9 | AI score 7.3 | EPSS 0.0076
Exploits: 0

Prion
added 2023/03/06 11:15 p.m. | 33 views

Design/Logic Flaw

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

CVSS 5 | AI score 6.9 | EPSS 0.00727
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/11/05 11:15 p.m. | 1 views

PYSEC-2021-835

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...

CVSS 7.8 | AI score 7.2 | EPSS 0.0004
Exploits: 1 | References: 2

PyPA
added 2021/08/12 11:15 p.m. | 5 views

PYSEC-2021-604

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

CVSS 5.5 | AI score 7 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/08/12 11:15 p.m. | 1 views

PYSEC-2021-292

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.UpperBound. The implementation does not validate the rank of sorted_input...

CVSS 5.5 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 2

PyPA
added 2021/08/12 10:15 p.m. | 5 views

PYSEC-2021-311

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

CVSS 7.8 | AI score 6.9 | EPSS 0.00013
Exploits: 0 | References: 2 | Affected Software: 1

PyPA
added 2021/08/12 9:15 p.m. | 5 views

PYSEC-2021-557

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

CVSS 5.5 | AI score 6.9 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/08/12 9:15 p.m. | 1 views

PYSEC-2021-276

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...

CVSS 7.3 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 2

PyPA
added 2021/08/12 7:15 p.m. | 5 views

PYSEC-2021-550

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

CVSS 7.7 | AI score 7.1 | EPSS 0.00044
Exploits: 0 | References: 2 | Affected Software: 1