126 matches found
CVE-2026-49434
A flaw was found in Apache ActiveMQ. An attacker with privileges to publish or modify entries in Lightweight Directory Access Protocol LDAP can exploit an improper input validation vulnerability. This allows the attacker to instantiate denied transports within the broker's Java Virtual Machine JV...
EUVD-2026-40285
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...
SUSE-SU-2026:22475-1 Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-45.1 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race bsc126308...
SUSE-SU-2026:22476-1 Security update for the Linux Kernel (Live Patch 23 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-46.1 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race bsc126308...
SUSE-SU-2026:22385-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay...
SUSE-SU-2026:22403-1 Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
SUSE-SU-2026:22409-1 Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
SUSE-SU-2026:22416-1 Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
SUSE-SU-2026:22418-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
SUSE-SU-2026:22464-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
UBUNTU-CVE-2026-10645
Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...
CVE-2026-10645
Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...
CVE-2026-10645
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-10645; no additional specifics on affected products or fixes are provided here.
CVE-2026-10645 fs: ext2: Missing structural validation of directory entries can cause out-of-bounds read and zero-progress directory traversal
Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...
Malicious code in node-multi-downloader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fc720cd970f4d19212ca90945b7fc1e4e1c64da98235ff595b3792ae69e3e68 On npm install, this package's postinstall hook node index.js hex-encodes the installer's current working directory, the first 15 entries of that...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refaul...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1816)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1816 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following...
ALPINE-CVE-2026-48103
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...