CVE-2026-33077

CVE-2026-33077 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache and Keepalived. The vulnerability is an arbitrary file read in the oldconfig parameter of the haproxy_section_save interface, present before version 8.2.6.4. Upgrading to 8.2.6.4 fixes the issue. The CVSS metrics ...

CVE-2026-33077

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

CVE-2026-33076

Roxy-WI is vulnerable in the haproxy_section_save interface prior to version 8.2.6.4. The issue is a path traversal that can write into scheduled tasks, enabling remote code execution. Version 8.2.6.4 fixes the issue. (Exploitation details are not provided in the documents.)

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability, which stemmed from a vulnerability in the oldconfig parameter of the haproxysectionsave interface, allowing arbitrary...

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability. This vulnerability stemmed from issues with the haproxysectionsave interface, involving path traversal and the executio...

CLSA-2026-1776963378 binutils: Fix of 8 CVEs

CVE-2022-47007: fix memory leak in stabdemanglev3arg - CVE-2022-47008: fix memory leak in maketempdir and maketempname - CVE-2022-47011: fix memory leak in parsestabstructfields - CVE-2022-47010: fix memory leak in prfunctiontype - CVE-2022-48063: fix excessive memory allocation in...

RUSTSEC-2026-0110 bare-metal is deprecated

The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...

bare-metal is deprecated

The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...

SUSE CVE-2026-31521

In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...

CVE-2018-25265

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...

CVE-2026-35370

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...

CVE-2018-25265

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...

CVE-2018-25265 LanSpy 2.0.1.159 Local Buffer Overflow

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...

CVE-2026-31521

In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds

In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...

CVE-2026-31521

The CVE-2026-31521 issue is in the Linux kernel module loader’s simplify_symbols() where an out-of-bounds st_shndx (eg SHN_XINDEX) could cause a kernel panic. The patch adds validation of st_shndx against the valid range before using it, preventing the potential crash. Several OSV entries (Debian...

SUSE SLES16 Security Update : strongswan (SUSE-SU-2026:21203-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21203-1 advisory. Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access bsc1257359. - CVE-2026-25075: Integer Underflow When...

PT-2026-34426

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The module loader fails to verify the bounds of the ELF section index within the simplify symbols function. A symbol containing an out-of-bounds st shndx value, such as those defined as...

CLSA-2026-1776693427 Fix CVE(s): CVE-2019-1010180

SECURITY UPDATE: buffer overflow when ELF section size is invalid - debian/patches/CVE-2019-1010180.patch: reject ELF sections whose recorded size exceeds the file size - CVE-2019-1010180...