[SECURITY] Fedora 44 Update: jq-1.8.1-3.fc44

lightweight and flexible command-line JSON processor jq is like sed for JSON data =E2=80=93 you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text. It is written in portable C, and it has zero runtime...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33947)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33947 advisory. - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath,...

CVE-2026-31569

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. When a specific internal data structure, known as EIOINTC's coremap, is empty, the system incorrectly processes a processor ID. This error can lead to an out-of-bounds memory access, meaning the system tries to rea...

CVE-2026-31552

A flaw was found in the Linux kernel's wlcore component. When the system attempts to allocate memory for a network packet and there is insufficient space, an incorrect error code is returned. This error handling issue causes the system to repeatedly attempt to process the same packet in an endles...

CVE-2026-31550

A flaw was found in the Linux kernel's bcm2835-power component. An insufficient timeout during the ASB Advanced System Bus bridge control process, particularly under heavy system load, can prevent the V3D graphics processor from properly disabling. This can leave the V3D in an unstable state,...

CVE-2026-31542

A flaw was found in the Linux kernel's x86/platform/uv component. When a socket is deconfigured, it is incorrectly mapped to SOCKEMPTY instead of NUMANONODE. This improper handling can lead to a system panic during the allocation of UV hub information structures, resulting in a Denial of Service...

CVE-2026-31593

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the inclusion of FRED CR4 bits within the CR4 fixed bit mask. This causes an abnormal inability t...

CVE-2026-6920

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Improved Arena allocations (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

No description is available for this CVE...

USN-8183-2 linux-aws, linux-aws-6.17, linux-hwe-6.17, linux-oracle, linux-oracle-6.17 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014276 advisory. jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whos...

PsiTransfer 路径遍历漏洞

PsiTransfer is a simple, self-hosted file sharing solution developed by Christoph Wiechert. Versions of PsiTransfer prior to 2.4.3 contained a path traversal vulnerability. This vulnerability stemmed from the PATCH upload process, which validated the encoded request paths, but the downstream TUS...

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

No description is available for this CVE...

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation in the HTTPUEContextTransfer process when an unsupported Content-Type is received. An attacker can cause the processor to operate on an uninitialized object by sending a request with an unexpected Content-Typ...