22 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53073
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcildisc: Clear HCIUARTPROTOINIT on error When hciregisterdev fails in hciuartregisterdev HCIUARTPROTOINIT is not cleared before calling...
curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master
Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...
SUSE CVE-2026-43859
mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...
Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.103 fixes various security issues The following security issues were fixed: CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256097...
CVE-2025-12131
A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service...
MiracleLinux 4 : curl-7.19.7-46.AXS4 (AXSA:2015-432:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-432:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002300)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002300 advisory. The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended...
AlmaLinux 8 : kernel (ALSA-2025:17797)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:17797 advisory. kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 CVE-2022-50228 kernel: Bluetooth: L2CAP: Fix use-after-free CVE-2023-53305 Tenab...
Linux Distros Unpatched Vulnerability : CVE-2024-39301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/9p: fix uninit-value in p9clientrpc Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace9pclientres...
CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
AZL-78960 CVE-2024-24791 affecting package golang 1.25.7-1
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
CVE-2021-47162
In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's fraglist if the fraglist already has skbs from elsewhere, such as this skb was created by pskbcopy where the fraglist w...
The vulnerability of the VPN package based on the IPSec protocol strongSwan is caused by a mistake in the charon-tkm process, allowing a hacker to execute arbitrary code.
The vulnerability of the VPN package based on the IPSec protocol and strongSwan is caused by a mistake in the charon-tkm process, where the Key Exchange Protocol IKE is implemented using the TKMv2 Trusted Key Manager. Exploiting this vulnerability allows an attacker operating remotely to execute...
kernel: Linux kernel (TIPC): Information disclosure via uninitialized memory in tipc_topsrv_kern_subscr
A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC protocol. This vulnerability allows a local user to disclose sensitive information due to four uninitialized bytes in the sub.usrhandle field within the tipctopsrvkernsubscr function. When a user issues a setsocko...
UBUNTU-CVE-2021-22212
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...
NTPsec 加密问题漏洞
NTPsec is a more secure NTP. A security vulnerability exists in NTPsec 1.2.0 that allows ntpkeygen to generate keys...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
CentOS Update for httpd CESA-2017:1721 centos6
Check the version of httpd SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882751";...
The vulnerability of Cisco Nexus 1000V microprogramming software allows a remote attacker to gain unauthorized access to the device.
The function for receiving messages in the ntpproto.c file continues to operate even after an error message is displayed. This allows a remote attacker to gain unauthorized access to the device using specially crafted packets...
The vulnerability of the microprogramming software of Cisco Nexus 5000 allows a remote attacker to gain unauthorized access to the device.
The function for receiving messages in the ntpproto.c file continues to operate even after an error message is displayed. This allows a remote attacker to gain unauthorized access to the device using specially crafted packets...