DEBIAN-CVE-2026-8829

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...

SUSE CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

CVE-2026-46264

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

USN-8374-1 linux-aws-6.17, linux-gcp, linux-gcp-6.17 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

USN-8373-1 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

EUVD-2026-33956

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kerne...

CVE-2026-45681 OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

CVE-2026-45681

Summary: OpenTelemetry eBPF Instrumentation contains a memory‑read overflow in the CPU‑mismatch fallback path. Prior to version 0.9.0, a 256‑byte backup buffer is used for the per‑CPU message buffer, while the logical payload size can reach 8KB. If a CPU mismatch occurs, the code can read beyond ...

EUVD-2026-33955

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

CVE-2026-45682

OpenTelemetry eBPF Instrumentation CVE-2026-45682 describes a leak in CappedConcurrentHashMap used for Java TLS state tracking: when entries are deleted, keys are not removed from the insertion-order queue, allowing the queue to grow in long-running instrumented JVMs. The issue causes heap exhaus...

CVE-2026-5071

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

SUSE-SU-2026:2203-1 Security update for wireshark

This update for wireshark fixes the following issues - CVE-2026-5401: AFP dissector crash bsc1263756. - CVE-2026-5403: SBC audio codec crash bsc1263765. - CVE-2026-5404: K12 RF5 file parser crash bsc1263766. - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5406: FC-SWILS dissector cras...

Linux Distros Unpatched Vulnerability : CVE-2026-44660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and...

CVE-2026-5071

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

CVE-2026-5071

The CVE-2026-5071 entry concerns the SocketCAN implementation (Zephyr context) where a user-provided buffer containing a socketcan_frame is validated only by a NET_ASSERT in zcan_sendto_ctx() and then dereferenced in socketcan_to_can_frame(). In production builds with assertions disabled, a users...

Security update for perl-YAML-Syck (moderate)

openSUSE Security Update: Security update for perl-YAML-Syck Announcement ID: openSUSE-SU-2026:0180-1 Rating: moderate References: 1252111 1259757 Cross-References: CVE-2025-11683 CVE-2026-4177 CVSS scores: CVE-2025-11683 SUSE: 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products:...

Exim 安全漏洞

Exim is an open-source message transfer agent MTA developed by Exim Software, running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Versions of Exim from 4.88 to 4.99.4 contained security vulnerabilities. These vulnerabilities stemmed from improper handlin...

PT-2026-45078

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan frame object using only a NET ASSERT statement in zcan sendto ctx before dereferencing it in socketcan to can frame. In production builds where assertions are disabled, a userspace application that...