PT-2026-43828

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Memory leaks occur in the gfs2 fill super error handling path when transitioning a filesystem to read-write mode fails. The first leak involves kthread objects, such as thread struct and...

PT-2026-43756

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcp rcvbuf grow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcp rcvbuf...

PT-2026-43844

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fw log race between users and teardown Fixes a theoretical race on fw log between the teardown path and fw log write functions. fw log is written inside fbnic fw log write and can be reached from the mailbox handler...

PT-2026-43693

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ntfs3 file system where new folios are not properly initialized before use. This occurs when new folios are allocated without being marked as uptodate and the ni...

CVE-2026-45852

RDMA/rxe: Fix double free in rxesrqfrominit...

PT-2026-43969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component within the nft bitwise function. The carry propagation logic calculates the carry from the adjacent 32-bit word using BITS PER TYPEu32 - shift...

PT-2026-43915

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A reference count leak occurs in the ALSA caiaq component of the Linux kernel during probe failure. The create card function increases the reference count of the USB device using usb get de...

CVE-2026-24197

CVE-2026-24197 affects NVIDIA’s Linux GPU Display Driver, specifically the Multi-Instance GPU (MIG) partition management. The issue is an insecure default initialization of memory subsystem routing resources, which can cause data corruption or a hang during MIG partition reconfiguration. A succes...

EUVD-2026-31926

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

CLSA-2026-1779467653 libssh: Fix of 4 CVEs

CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...

Insecure Default Initialization of Resource

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

Astra Linux – Vulnerability in Bacula

In Bareos Director versions 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow vulnerability allows a malicious client to corrupt the director’s memory by sending overly large digest strings during the initialization of a verify job. Disabling verify jobs can mitigate this problem. This issue h...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: The issue related to “slab-use-after-free” in inetlookupestablished has been fixed. The lookups in the ehash table are performed without locking, and they rely on SLABTYPESAFEBYRCU to ensure the stability of socket memory...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs: init flagsvalid before calling vfsfileattrget syzbot reported a uninit-value bug in 1. Similar to the “get” context, where the kernel’s filekattr structure is initialized before calling vfsfileattrget, we should use the same...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the way the “flags” member of the new pipe buffer structure lacked proper initialization in the copypagetoiterpipe and pushpipe functions of the Linux kernel. As a result, these members could contain stale values. An unprivileged local user could exploit this flaw to writ...

Astra Linux - уязвимость в ffmpeg

A flaw was discovered in FFmpeg’s HLS playlist parsing. This vulnerability allows for a denial of service through a maliciously crafted HLS playlist, which triggers a null pointer dereference during initialization...

Astra Linux - уязвимость в firefox

A use-after-free could occur if a JavaScript realm was being initialized when a garbage collection started. This vulnerability affects Firefox versions earlier than 125...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid a memory leak in f2fsrename. syzbot reported the following bug: BUG: Memory leak Unreferenced object: 0xffff888127f70830 size 16: Command: “syz.0.23”, PID 6144, jiffies 4294943712 Hex dump first 16...