OESA-2026-2418 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved:mm/mempolicy: fix migratetonode assuming there is at least one VMA in a MMWe currently assume that there is at least one VMA in a MM, which isn ttrue.So we might...

OESA-2026-2402 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

OESA-2026-2400 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...

OESA-2026-2369 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

OESA-2026-2368 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

CLSA-2026-1779455173 Fix CVE(s): CVE-2026-43618

SECURITY UPDATE: integer overflow in compressed-token decoder allows memory disclosure to a malicious sender - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and add overflow checks in recvcompressedtokennum/run; add CHUNKSIZE bound check in simplerecvtoken; initialize data=NUL...

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists ACLs, and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

CLSA-2026-1779375889 kernel: Fix of 95 CVEs

perf/x86/intel/uncore: Fix die ID init and look up bugs CVE-2026-43344 - x86/apic: Disable x2apic on resume if the kernel expects so CVE-2026-43363 - drm/amdgpu: Fix use-after-free race in VM acquire CVE-2026-43370 - dm: remove fake timeout to avoid leak request CVE-2026-43314 - md/bitmap: fix...

SUSE CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016770 advisory. An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fe...

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016768 advisory. An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c allows a NULL pointer dereference. Tenable has extracted the preceding description block directly...

Unity Linux 20.1060e / 20.1070e Security Update: libupnp (UTSA-2026-016655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016655 advisory. Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer...

CVE-2026-8968

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...

rgui-3.4.4-seh-bof-exploit

Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...

RXSA-2025:4341 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: kobjectuevent: Fix OOB access within zapmodaliasenv CVE-2024-42292 kernel: ipvs: properly dereference pe in ipvsaddservice CVE-2024-42322 kernel: bonding: fix null pointer deref in...

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2025-11187...

php: Fix of CVE-2026-7262

CVE-2026-7262: fix NULL pointer dereference in SOAP apache map decoder typemap configured...

CVE-2026-43496

A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs when a specific queueing discipline qdisc configuration is used, where a parent qdisc attempts to retrieve a network packet from a child qdisc. An incorrect function call during this process can lead ...