SUSE CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of incorrect private data in the rxrpcpostresponse function when comparing cached response...

Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4

Summary Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4. The libraries affected include tomcat-embed-core-9.0.108.jar Dependency packages are being used by IBM Big Replicate LiveData Migrator. This bulletin describes the upgrades necessary to address the...

SUSE CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

CVE-2026-6019

CVE-2026-6019 affects Python’s http.cookies.Morsel.js_output(), which can emit an inline sequence inside the generated script. Public sources indicate the fix is included in Python updates bundled in SUSE’s python39/python3 advisories (SUSE-SU-2026:1818-1) and OSV entries, with mitigation noting...

GHSA-5V4G-VW9X-H534 uutils coreutils has an Improper Input Validation Issue in its env Utility

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

uutils coreutils has an Improper Input Validation Issue in its env Utility

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

EUVD-2026-25030

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

CVE-2026-35377

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

CVE-2026-35377

The CVE-2026-35377 entry affects the uutils coreutils env utility. A logic error in handling the -S (split-string) mode causes incorrect parsing of command-line arguments; specifically, in contrast to GNU env, the implementation attempts to validate backslash sequences inside single quotes and fa...

EUVD-2026-24776

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...

CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry

In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry Before commit f33f2d4c7c80 "s390/bp: remove TIFISOLATEBP", all entry handlers loaded r12 with the current task pointer lg %r12,LCCURRENT for use by the BPENTER/BPEXIT macros. That...

Linux Distros Unpatched Vulnerability : CVE-2026-31455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013504 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfqexiticqbfqq Commit 64dc8c732f5c block, bfq: fix possible uaf f...

PT-2026-34358

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where log items may be dereferenced after push callbacks. Specifically, after the xfsaild push item function calls iop push, the log item might hav...

PT-2026-34360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where the unmount sequence in the xfs unmount flush inodes function pushes the Active Item List AIL while background reclaim and inode garbage...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-012996)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012996 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...