Threats Tagged 'csaf'

Red Hat issued a security advisory (RHSA-2026:20351) for Red Hat Hardened Images RPMs, including multiple nginx packages, addressing a vulnerability tracked as CVE-2026-40460. The advisory describes this as a bug fix and enhancement update with medium severity related to CWE-290 (Authentication Bypass). No known exploits are reported in the wild. The update is available for various architectures including aarch64 and x86_64. The advisory does not explicitly state a fix but provides updated RPM versions and references for applying the update.

CVE-2026-42945 concerns the general availability of the satellite/iop-gateway-rhel9 container image used by Red Hat Lightspeed in Satellite. Red Hat Lightspeed analyzes system health and configuration locally by applying predefined rules to a limited set of system data. The advisory does not describe a specific vulnerability or exploit but announces the availability of this container image. No fixes or patches are mentioned in the vendor advisory. The severity is marked as critical, but no CVSS score is provided.

CVE-2025-38675 is a vulnerability related to the xfrm subsystem in Microsoft and Azure Linux kernel version 3. 0, involving the initialization timing of state pointers in the xfrm_state_find function. The vulnerability is categorized under CWE-362, which relates to race conditions. No CVSS score or detailed impact information is provided, and no known exploits are reported in the wild. There is no vendor advisory or patch information available at this time.

CVE-2026-43414 addresses a vulnerability in the qla2xxx driver related to a double free issue with fcport. The provided information is limited and does not include technical details beyond the vulnerability title or a CVSS score. There is no indication of known exploits in the wild or specific impact scenarios. No patch or remediation details are provided, and the vendor advisory content is minimal.

CVE-2025-68251 is a vulnerability in the erofs filesystem component affecting Microsoft Azure Linux kernel version 3. 0. It involves the risk of infinite loops caused by corrupted subpage compact indexes. No CVSS score or detailed impact information is provided. There is no indication of known exploits in the wild or available patches at this time.

CVE-2026-43029 is a vulnerability related to a soft lockup issue in the mptcp_recvmsg() function affecting Microsoft products including Azure Linux kernel version 3. 0. The vulnerability is categorized under CWE-667, which involves improper locking leading to potential system hangs or deadlocks. No CVSS score or detailed impact information is provided. There are no known exploits in the wild, and no patch or remediation details are currently available.

Red Hat has issued a security advisory (RHSA-2026:7412) for Red Hat Hardened Images RPMs, including multiple bind packages. The update addresses bugs and enhancements related to CVE-2026-3593 and CVE-2026-5947. No specific fixes or exploit details are provided in the advisory. The severity is classified as high. No known exploits are reported in the wild. The advisory includes updated RPM versions for bind components on aarch64 and x86_64 architectures. Patch status is not explicitly confirmed in the advisory text.

A denial of service vulnerability exists in the vsftpd FTP daemon used in Red Hat Enterprise Linux 8. 8. The issue is caused by an integer overflow during parsing of the ls command parameter, tracked as CVE-2025-14242. Red Hat has issued a security advisory rating this vulnerability as moderate severity and has released updated vsftpd packages to address the issue. No known exploits are reported in the wild. The vulnerability affects multiple Red Hat Enterprise Linux 8. 8 variants including AppStream and Update Services for SAP Solutions. Users are advised to apply the provided security update to remediate the vulnerability.

Multiple unspecified vulnerabilities have been identified in Mattermost versions prior to 11. 7. 0. Mattermost is a web-based instant messaging service. The vulnerabilities are collectively referenced under CVE-2026-4055, along with CVE-2026-4646 and CVE-2026-4858. No detailed technical specifics or exploitation methods have been provided. There are no known exploits in the wild at this time. Patch or remediation status is not confirmed from the available data. The advisory is published by the Bundesamt für Sicherheit in der Informationstechnik (BSI).

This vulnerability affects the Linux kernel, which is the core component of the Linux operating system. Multiple weaknesses identified under CVE-2026-43284 and CVE-2026-43500 could allow an attacker to gain administrator (root) privileges. The affected Linux distributions include Amazon Linux 2, Debian, and Fedora. No CVSS score is provided, and there is no indication of known exploits in the wild. No patch or remediation information is currently available from the vendor advisory.