18334 matches found
PT-2026-26692
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by excessive reading and writing operations related to WebGL. This vulnerability could lead to arbitrary reading and writing...
Linux Distros Unpatched Vulnerability : CVE-2026-23264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert drm/amd: Check if ASPM is enabled from PCIe subsystem This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied...
Important: firefox
Issue Overview: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8. CVE-2026-2757 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and...
Important: thunderbird
Issue Overview: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8. CVE-2026-2757 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and...
PT-2026-26374
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3198 (ALAS-2026-3198)
The version of thunderbird installed on the remote host is prior to 140.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3198 advisory. Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox...
openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20365-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20365-1 advisory. - Firefox Extended Support Release 140.8.0 ESR bsc1258568 - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component -...
CVE-2026-26740
A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension GCE block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...
USN-8097-2: roundcube regression
USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Roundcube...
USN-8097-2 roundcube regression
USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Roundcube...
Statamic has Stored XSS via SVG Sanitization Bypass
Impact Stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the asset is viewed. Patches This has been fixed in 5.73.14 and 6.7.0...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG asset reupload. An attacker can execute arbitrary JavaScript in the context of users viewing the affected asset by uploading a specially crafted SVG file that bypasses sanitization. Details Cross-sit...
EUVD-2026-12903
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 "drm/amd: Refactor amdgpuaspm to be...
CVE-2026-23264
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 "drm/amd: Refactor amdgpuaspm to be...
UBUNTU-CVE-2026-23264
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 "drm/amd: Refactor amdgpuaspm to be...
CVE-2026-23264
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 "drm/amd: Refactor amdgpuaspm to be...
CVE-2026-23264
The CVE-2026-23264 issue was resolved in the Linux kernel by reverting the change that checked ASPM status from the PCIe subsystem for AMD GPUs. This reversal addressed crashes that occurred when two AMD GPUs were present but only one supported ASPM. The fix is tied to a specific revert of a prev...
CVE-2026-23264 Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 "drm/amd: Refactor amdgpuaspm to be...
OPENSUSE-SU-2026:20391-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.8.1 ESR Add mail.openpgp.loaduntestedgpgmeversion to load untested GPGME version - Mozilla Thunderbird 140.8.0 ESR MFSA 2026-17 boo1258568 CVE-2026-2757 bmo2001637 Incorrect...