CVE-2026-46003

The CVE-2026-46003 entry concerns the Linux kernel, specifically the net: qrtr: ns component. The issue is that the nameserver did not cap the total number of nodes it handles, allowing a malicious client to register many nodes and potentially exhaust memory. The documented fix limits the maximum...

CVE-2026-46003

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory...

CVE-2026-45845

A flaw was found in the Linux kernel's TAPRIO Traffic Policing and Rate Limiting I/O qdisc. An unprivileged local user, with namespace-scoped CAPNETADMIN capabilities, can trigger a kernel null pointer dereference. This occurs by creating a TAPRIO qdisc in a new network namespace, grafting and th...

EUVD-2026-32171

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...

CVE-2026-41704

AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

CVE-2026-41704 Compromised VM can make arbitrary blobstore deletes

AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

CVE-2026-41704

CVE-2026-41704 affects BOSH Director prior to v282.1.12. The issue arises from AgentClient#handle_method handling NATS responses: it may invoke inject_compile_log and format_exception, and the blobstore resource flow calls ResourceManager#get_resource(blob_id) followed by ResourceManager#delete_r...

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. Versions of Cloud Foundry BOSH Director prior to v282.1.12 contained security vulnerabilities. These vulnerabilities stemmed from AgentClient not performin...

CVE-2026-46038

net: qrtr: ns: Free the node during ctrlcmdbye...

PT-2026-43914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the QRTR nameservice driver during the remove process. If a packet arrives after destroy workqueue is called but before sock release, the qrtr ns data...

CVE-2026-46026

net: qrtr: ns: Limit the maximum number of lookups...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the issue of reusing resources after the removal of the qtrrns driver. This could lead to the...

CVE-2026-46003

net: qrtr: ns: Limit the total number of nodes...

PT-2026-43893

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The net:qrtr:ns component lacks bound checking on the number of lookups a client can perform. A malicious local client could...

CVE-2026-46047

net: qrtr: ns: Fix use-after-free in driver remove...

Linux Distros Unpatched Vulnerability : CVE-2022-29582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.17.3, fs/iouring.c has a use-after-free due to a race condition in iouring timeouts. This can be triggered by a local user who has ...

Linux Distros Unpatched Vulnerability : CVE-2026-46003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicio...

Linux Distros Unpatched Vulnerability : CVE-2026-45842

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no...

PT-2026-43870

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The nameserver in the Qualcomm Router qrtr network subsystem does not limit the number of nodes it handles. A malicious clie...

Malicious code in loadtest-browser-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 934a61b207f82f8549de09139a73a80f47746bba1dacd21f657d34e6e542324e On npm install, the package's preinstall hook executes index.js, which collects host identifiers hostname, username, platform, arch, cwd, pid,...