264 matches found
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-11.fc44
Nginx virtual host traffic status module...
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-11.fc43
Nginx virtual host traffic status module...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: vhost: The bound check for the vdpa group has been moved to vhostvdpa. Duplication has been eliminated by consolidating these changes. This reduces the possibility that a parent driver may miss these checks. Additionally, we...
EUVD-2026-35410
In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...
CVE-2026-40910
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-10.fc43
Nginx virtual host traffic status module...
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-10.fc44
Nginx virtual host traffic status module...
Exploit for OS Command Injection in Arcane
CVE-2026-23520: Model Context Protocol MCP Connect RCE - Edu...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early The creation of debugfs files is moved to a dedicated function, and it is ensured that these files are explicitly removed during vhcirelease, before the...
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-9.fc43
Nginx virtual host traffic status module...
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-9.fc44
Nginx virtual host traffic status module...
CVE-2026-43248
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update
Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-7.fc44
Nginx virtual host traffic status module...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013494)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013494 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can...
CVE-2026-40910
Summary : frp versions 0.43.0–0.68.0 contain an authentication bypass in the HTTP vhost routing path when using routeByHTTPUser for access control. The routing logic derives the route from the Proxy-Authorization username, while access control checks credentials from the standard Authorization he...
Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007276)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007276 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...
frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control
Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...
GHSA-PQ96-PWVG-VRR9 frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control
Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...