kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

PT-2026-44192

Name of the Vulnerable Software and Affected Versions json-2-csv versions 3.15.0 through 5.5.10 Description CSV Injection occurs when the preventCsvInjection option is bypassed, allowing an attacker to inject formulas into CSV files. These formulas execute automatically when the files are opened ...

CVE-2026-45985 ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set EXT4GETBLOCKSCONVERT when splitting before submitting I/O When allocating blocks during within-EOF DIO and writeback with dioreadnolock enabled, EXT4GETBLOCKSPREIO was set to split an existing large unwritten...

PT-2026-43764

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft counter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...

CVE-2026-8453

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2026-8352

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: sctp: Set skstate back to CLOSED if autobind fails in sctplistenstart. In sctplistenstart called by sctpinetlisten, it should set skstate back to CLOSED if sctpautobind fails for any reason. Otherwise, the next time sctpinetliste...

CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

EUVD-2026-28735

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

UBUNTU-CVE-2026-43470

In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3proccreate if dalias is a dir If we found an alias through nfs3docreate/nfsaddorobtain /dsplicealias which happens to be a dir dentry, we don't return any error, and simply forget about this alias, but t...

CVE-2026-43440

In the Linux kernel, the following vulnerability has been resolved: net/mana: Null servicewq on setup error to prevent double destroy In managdsetup error path, set gc-servicewq to NULL after destroyworkqueue to match the cleanup in managdcleanup. This prevents a use-after-free if the workqueue...

CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it activ...

PT-2026-37541

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-section length and ctx info-size Add check...

Kimai vulnerable to formula Injection via tag names in XLSX export

Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...

CVE-2026-2828

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavfclose in iavfresettask error handling. Doing so can lead to double call of napidisable, which can lead to deadlock there. Removing VF would lead to iavfremove task being stuck, becau...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Handle NULL returned by xdpconvertbufftoframe. The function xdpconvertbufftoframe may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or...

EUVD-2026-26564

In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013759 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo...