Oracle Linux 10 : kernel (ELSA-2026-0453)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0453 advisory. - usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths CKI Backport Bot RHEL-137150 CVE-2025-68287 - drm/vmwgfx: Validate...

kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

DEBIAN-CVE-2024-36017

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service DoS attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...