CVE-2026-45950 crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if sgcopytobuffer or starfiveaeshwinit fails, which lead to memory leaks...

CVE-2026-45950

CVE-2026-45950 : Linux kernel vulnerability in crypto: starfive, where the function starfive_aes_aead_do_one_req() allocates rctx->adata via kzalloc() but fails to free it on certain error paths (sg_copy_to_buffer(), starfive_aes_hw_init()), causing memory leaks. The issue is resolved by ensur...

CVE-2026-45907

CVE-2026-45907 : In the Linux kernel, the net/mlx5e subsystem could deadlock between devlink and netdev instance locks due to incorrect lock ordering during recovery. The fix moves netdev_trylock usage from high-level work handlers to the lower recovery functions where it’s actually required, ali...

CVE-2026-45870 SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: authgss: fix memory leaks in XDR decoding error paths The gssxdecctx, gssxdecstatus, and gssxdecname functions allocate memory via gssxdecbuffer, which calls kmemdup. When a subsequent decode operation fails, these...

CVE-2026-45870

The CVE-2026-45870 issue affects the Linux kernel SUNRPC auth_gss path, causing memory leaks in XDR decoding error paths. Specifically, gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() allocate buffers via gssx_dec_buffer() (kmemdup) and may return early on a subsequent decode error without...

CVE-2026-42756

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly: fr...

SUSE CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

PT-2026-43838

In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOC MAX CACHE SIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into...

Gladinet Triofox 安全漏洞

Gladinet Triofox is an enterprise file sharing and remote access platform developed by the American company Gladinet. There is a security vulnerability in Gladinet Triofox, which stems from a stack buffer overflow issue when processing long URL paths starting with /woshome...

CVE-2026-45924

ksmbd: call ksmbdvfskernpathendremoving on some error paths...

Gladinet Triofox 安全漏洞

Gladinet Triofox is an enterprise file sharing and remote access platform developed by the American company Gladinet. There is a security vulnerability in Gladinet Triofox, which stems from a stack buffer overflow issue when processing long URL paths that start with “/resources”...

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from the use of user-controlled taskname values to construct session log path names, which may...

Gladinet Triofox 安全漏洞

Gladinet Triofox is an enterprise file sharing and remote access platform developed by the American company Gladinet. There is a security vulnerability in Gladinet Triofox, which stems from listening on the TCP port 7878 and processing URL paths that start with /resources, /status, /sysinfo,...

PT-2026-44118

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software uses the user-controlled task name value directly when constructing session log...

PT-2026-43817

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the starfive aes aead do one req function. The function allocates rctx-adata using kzalloc, but fails to release this memory if the sg copy to buffer or starfive...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from accessing invalid leaf nodes when a reference key is not found in btrfsquotaenable, potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : GitPython vulnerabilities (USN-8303-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8303-1 advisory. Santos Gallegos discovered that GitPython did not properly validate paths when...

USN-8303-1: GitPython vulnerabilities

Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu...

USN-8303-1 python-git vulnerabilities

Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu...