7607 matches found
USN-8466-1: Perl DBI module vulnerabilities
It was discovered that the Perl DBI module incorrectly handled certain error messages. An attacker could use this issue to cause applications using the Perl DBI module to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-9698 It was discovered that the Perl DBI...
CVE-2026-52932
In CVE-2026-52932, the Linux kernel xfrm IPcomp path contains a fix to ensure that the allocated destination scatter-gather (dst SG) list is freed on error as well as on success, preventing potential resource leaks. The root cause is improper memory deallocation during error handling in the xfrm ...
CVE-2026-52932 xfrm: ipcomp: Free destination pages on acomp errors
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...
PT-2026-51957
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the dm cache passthrough mode where the invalidate remove function contains incomplete logic for handling write hit bios following cache invalidation. The system sets ...
PT-2026-52007
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Memory leaks occur in the ath11k wifi driver during beacon template setup. The functions ath11k mac setup bcn tmpl ema and ath11k mac setup bcn tmpl mbssid allocate memory for beacon...
PT-2026-51870
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Two error handling issues exist within the drm/xe graphics driver in the xe exec queue create ioctl function. The first issue occurs when xe hw engine group add exec queue fails; the err...
PT-2026-52015
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the amd pstate epp cpu init function. When a failure occurs while setting the energy performance preference epp, the function returns an error code without freein...
EUVD-2026-37008
Slim has Reflected XSS in the HtmlErrorRenderer...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...
SUSE-SU-2026:22199-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...
Linux Distros Unpatched Vulnerability : CVE-2026-48615
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy...
GHSA-6V7P-G79W-8964 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
Impact If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. If the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack. Patches v1.2.1 Workarounds Users should create a new Unpacker instead of...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: iavf: Fixed error handling for reset operations. Do not call iavfclose during error handling for iavfresettask. Doing so may lead to a double call to napidisable, which can cause a deadlock. Removing the VF may cause...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cm: Fixed a memory leak in ibcminsertlisten. The function cmallocidpriv allocates resources for the cmidpriv. When cminitlisten fails, it does not free those allocated resources, resulting in a memory leak. Added missing...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fix tag leaks on error In functions like pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipPhyctlreq, and pm8001chipregdevreq, missing calls to pm8001tagfree have been added to free the allocated ta...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: A resource leak was fixed in the error handling path. The call dspirequestdma should be undone by a call to dspireleasedma in the error handling path of the probe function, as already done in the remove functio...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fixed error handling in sndprotoprobe. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This function only calls ofnodeput in th...