vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

GHSA-6785-PVV7-MVG7 vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

CVE-2026-43247

A flaw was found in the wave5 media driver within the Linux kernel. This vulnerability can lead to a kernel panic, which causes the system to become unresponsive, effectively resulting in a Denial of Service DoS. The issue occurs when the system attempts to enter suspend mode due to an autosuspen...

GHSA-C4RQ-3M3G-8WGX Nokogiri CSS selector tokenizer has regular expression backtracking

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

Nokogiri CSS selector tokenizer has regular expression backtracking

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

EUVD-2026-27810

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

Use of Predictable Algorithm in Random Number Generator

Overview keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator in the generatechallenge method. An attacker can evade detection and bypass security...

CVE-2026-43247 media: chips-media: wave5: Fix SError of kernel panic when closed

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iommu/amd driver’s concurrent TLB failure and unlocked sequence allocation, potentially leadi...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wave5 driver’s automatic suspension mode that enters a suspended state due to an excessive...

PT-2026-37587

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

GHSA-64CV-VXPR-J6VC edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint

Summary The syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger...

CVE-2026-43060 netfilter: nft_ct: drop pending enqueued packets on removal

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates that specify the conntrack zone, because a percpu area is used and module removal is possible. - conntra...

PT-2026-37063

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nft ct component where packets remaining in the nfqueue may maintain references to conntrack timeout policies, helpers, or templates specifying the...

PT-2026-37284

Name of the Vulnerable Software and Affected Versions Open edx Enterprise Service versions 7.0.2 through 7.0.4 Description An authenticated user with the Enterprise Admin role can trigger a server-side HTTP request. By using the 'SAMLProviderConfigViewSet' PATCH endpoint, a user can set the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fixed the timeout for enabling the video signal The ASTDP transmitter sometimes takes up to 1 second to enable the video signal, while the timeout is only 200 msec. This results in a kernel error message. The...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Driver Core: Fixed the interaction between waitfordeviceprobe and deferredprobetimeout. The mounting of NFS rootfs timed out when deferredprobetimeout was non-zero 1. This occurred because the ipautoconfig initcall timed out...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fixed a crash in fnicwqcmplhandler when FDMI times out. When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. Upon completion of the sending process, this leads to a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ucsiacpi: The command completion timeout has been increased. The commit 130a96d698d7 “usb: typec: ucsi: acpi: Increase command completion timeout value” increased the timeout from 5 seconds to 60 seconds due to issues relate...