1645 matches found
CVE-2026-8403 Stored XSS in Exagate's SYSGUARD 6001
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: jq: jq-1.8.2-0.1.hum1 aarch64, x8664 jq-devel-1.8.2-0.1.hum1 aarch64, x8664 jq-1.8.2-0.1.hum1.src src...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – fixed an out-of-bounds read during the parsing of the OnBeacon Extended Supported Rates ESR extension. The handling of the ESR extension during the OnBeacon phase involves accessing p + 1 + ielen and p + 2 +...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: The reference count of the device should always be dropped in ibdelsubdeviceandput. Since nldevdeldev introduced in commit 060c642b2ab8 “RDMA/nldev: Add support for adding/deleting a sub IB device through netlink” grab...
UBUNTU-CVE-2026-52928
In the Linux kernel, the following vulnerability has been resolved: afunix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSGOOB. In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB ...
CVE-2026-52928
The CVE-2026-52928 entry concerns the Linux kernel’s AF_UNIX handling of SIOCATMARK, where MSG_OOB is valid only on SOCK_STREAM. The root cause is that SIOCATMARK was evaluated against the receive queue on non-stream sockets; the fix ensures non-stream sockets return -EOPNOTSUPP before inspecting...
EUVD-2026-38698
In the Linux kernel, the following vulnerability has been resolved: afunix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSGOOB. In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB ...
EUVD-2026-38344
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 5.0, prior to versions 5.0.7 and 4.2, prior to version 4.2.14. The getsupportedlanguagevariant function was vulnerable to a denial-of-service attack when used with very long strings containing specific characters...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: added the missing negotiatefeatures operation to the Hyper-V ops table. The commit a7075f501bd3 “ixgbevf: fixed mailbox API compatibility by negotiating supported features” added the.negotiatefeatures callback to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ice: ptp: do not emit a WARN when controlling PF is unavailable. In VFIO passthrough setups, it is possible to only pass through a PF that does not own the source timer. In such cases, the PTP controlling PF adapter-ctrlpf is nev...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP. ptpclocksettime assumes that every ptpclock has implemented settime64. Implement -EOPNOTSUPP as a stub to prevent NULL dereferencing. The fix is similar to the commit 329d050bbe63 “gve:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: No longer allows guest users on multi-channel connections. This patch returns STATUSNOTSUPPORTED if the binding session is a guest session...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid issuing a WARNON when configuring MQPRIO with HTB offload enabled. When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns -EINVAL and triggers a WARNON, resulting i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they aren’t eliminated through dead code elimination. However, this can lead ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: gve: Implement gettimex64 with -EOPNOTSUPP. At this time, gve has implemented a ptpclock that exclusively uses doAuxWork. ptpClockgettime and ptpSysoffset assume that every ptpclock has implemented either gettimex64 or...
[SECURITY] Fedora 44 Update: 7zip-26.01-1.fc44
7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...
EUVD-2026-35445
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...
CVE-2026-8025
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...