823 matches found
NVIDIA Nano SSH Key Duplication
A potential security vulnerability has been identified in some HP ZGX Nano G1n AI Station products where identical SSH host keys were deployed during the manufacturing process prior to March 19th, 2026. Successful exploitation might lead to unauthorized code execution, privilege escalation, denia...
CVE-2026-43236
A flaw was found in the Linux kernel's drm/atmel-hlcdc component. An issue in the atmelhlcdcplaneatomicduplicatestate callback, which incorrectly duplicates the drmplanestate, can lead to a use-after-free vulnerability. This can be triggered when a device node is closed and re-opened while anothe...
CVE-2026-43236
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drmcrtccommit after release The atmelhlcdcplaneatomicduplicatestate callback was copying the atmelhlcdcplane state structure without properly duplicating the drmplanestate. In particular,...
CVE-2025-71273
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devmkmemdup in rtwsetsupportedband Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtwregisterhw. The supported bands were not freed in the error path. Copied from...
Linux Distros Unpatched Vulnerability : CVE-2026-43236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/atmel-hlcdc: fix use-after-free of drmcrtccommit after release The atmelhlcdcplaneatomicduplicatestate callback was copying the atmelhlcdcplane state...
PT-2026-37576
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel within the drm/atmel-hlcdc component. The atmel hlcdc plane atomic duplicate state callback copies the atmel hlcdc plane state structure...
Improper Enforcement of Behavioral Workflow
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow in the privacy request approval process when both subjectidentityverificationrequired and...
GHSA-8M7C-8M39-RV4X awslabs/tough Delegated Roles have a Signature Threshold Bypass
Summary Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegate...
EUVD-2026-25627
awslabs/tough Delegated Roles have a Signature Threshold Bypass...
JLSEC-2026-312
HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MMxstrdup in H5MM.c called from H5Genttolink in H5Glink.c...
SUSE CVE-2026-31594
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...
CVE-2026-6966
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...
CVE-2026-6966
The CVE-2026-6966 issue affects awslabs/tough prior to tough-v0.22.0, where improper verification of cryptographic signature uniqueness in delegated role validation can allow remote authenticated users to bypass the TUF signature threshold by duplicating a valid signature, causing the client to a...
CVE-2026-35365
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...
PT-2026-35079
Name of the Vulnerable Software and Affected Versions awslabs/tough versions prior to 0.22.0 Description Improper verification of cryptographic signature uniqueness in delegated role validation allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a...
GHSA-66FX-FQV6-5WWX Duplicate Advisory: uutils coreutils has a Link Following issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h444-6j9x-p8vh. This link is maintained to preserve external references. Original Description The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across...
Duplicate Advisory: uutils coreutils has a Link Following issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h444-6j9x-p8vh. This link is maintained to preserve external references. Original Description The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across...
CVE-2026-35365
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...
CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...
CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...