6833 matches found
CVE-2026-64036
In the Linux kernel, the following vulnerability has been resolved: cgroup/rstat: validate cpu before cssrstatcpu access cssrstatupdated is exposed as a BPF kfunc and accepts a caller-provided cpu argument. The function uses cpu for per-cpu rstat lookups without checking whether it refers to a...
CVE-2026-64036 cgroup/rstat: validate cpu before css_rstat_cpu() access
In the Linux kernel, the following vulnerability has been resolved: cgroup/rstat: validate cpu before cssrstatcpu access cssrstatupdated is exposed as a BPF kfunc and accepts a caller-provided cpu argument. The function uses cpu for per-cpu rstat lookups without checking whether it refers to a...
EUVD-2026-45609
In the Linux kernel, the following vulnerability has been resolved: cgroup/rstat: validate cpu before cssrstatcpu access cssrstatupdated is exposed as a BPF kfunc and accepts a caller-provided cpu argument. The function uses cpu for per-cpu rstat lookups without checking whether it refers to a...
CVE-2026-53373
The CVE impacts the Linux kernel mm/vma handling during mmap_prepare invoked from mmap() in stacked drivers. The issue could unmap a not-fully-established VMA, causing a warning in vma_mark_detached. The patch fixes by propagating whether an mmap action is completed via the compatibility layer or...
PT-2026-61353
In the Linux kernel, the following vulnerability has been resolved: cgroup/rstat: validate cpu before css rstat cpu access css rstat updated is exposed as a BPF kfunc and accepts a caller-provided cpu argument. The function uses cpu for per-cpu rstat lookups without checking whether it refers to ...
Security Advisory Ivanti Xtraction (CVE-2026-14902, CVE-2026-14903)
Update 18th July: Updated patch available to address functionality impact Ivanti has released updates for Ivanti Xtraction which addresses one medium and one high vulnerability. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...
Malicious code in backupgenuine-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 163e55285112106141566338db7483490b20567a431458b4b921a71534135ce0 Package published as [email protected] with description "Republished package" actually contains a Vite-built single-page application titled...
Malicious code in fflc-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0da486d000821631873ccd6fbb8eac17ee6dc94e8802946ef9d4cd288048e95 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in backup5-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fbc0dc5fea4212458853e895b9b9df474401727a4768f47e3016a8c871fd5c7 The package tarball contains multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote,...
kernel security, bug fix, and enhancement update
4.18.0-553.141.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
Critical: Red Hat Security Advisory: RHOAI 3.3.5 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.3.5 provides these changes:...
Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.4
Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.4 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.10.4 release that simplify the process of...
Important: Red Hat Security Advisory: RHACS 4.9.9 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
Fedora 45 : python-llvmlite (2026-ebbaee3606)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ebbaee3606 advisory. Automatic update for python-llvmlite-0.48.0-1.fc45. Changelog Fri Jul 3 2026 Benjamin A. Beasley - 0.48.0-1 - Update to 0.48.0 - Closes RHBZ2453491;...
Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...
Critical: Red Hat Security Advisory: RHOAI 3.4.2 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.4.2 provides these changes:...
PT-2026-53972
Name of the Vulnerable Software and Affected Versions coturn versions prior to 4.13.0 Description An authenticated TURN client can bypass the default loopback guard by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 within a TURN XOR-PEER-ADDRESS attribute. This occurs because the ioa ad...
Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images
Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
CVE-2026-45688 Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...
CVE-2026-53018
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...