565 matches found
UBUNTU-CVE-2026-42321
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
UBUNTU-CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
DEBIAN-CVE-2026-46055
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdragon X1 we see a string buffer overrun: BUG: KASAN: slab-out-of-bounds in aadfamatch...
DEBIAN-CVE-2026-46011
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...
DEBIAN-CVE-2026-45949
In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...
RHSA-2026:20586 Red Hat Security Advisory: thunderbird security update
Bulletin has no description...
UBUNTU-CVE-2026-41292
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data...
0lever-utils (>=0.0.2 <=0.0.7), 2keys (=0.5.1) +5826 more potentially affected by CVE-2026-45409 via idna (>=2.0.0 <=3.14.0)
idna PYPI version =2.0.0, =0.0.2, =0.0.1a0, =0.0.2, =0.0.6, =0.1.0, =0.1.3, =0.0.3, =19.11.0, =0.2.0rc1, =1.1.0rc1 and more Source cves: CVE-2026-45409 Source advisory: OSV:GHSA-65PC-FJ4G-8RJX...
MGASA-2026-0147 Updated rclone packages fix security vulnerabilities
This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...
MAL-2026-3382 Malicious code in solana-wallet-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0fafa4851b72650b6cb905d88ab0e9ac73276e188d44bf1ff2cb010eb6945c59 Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
RHSA-2026:13978 Red Hat Security Advisory: libsoup security update
Bulletin has no description...
a-mailx (=0.1.0), aaa-ml-datasets-course (=1.0.0) +103 more potentially affected by CVE-2026-42557 via notebook (>=7.0.0 <=7.5.5)
notebook PYPI version =7.0.0, =0.0.7, =1.0.1, =0.1.0, =1.6.4, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.8, =0.0.2, =0.0.6 - compare-my-stocks =1.0.5 and more Source cves: CVE-2026-42557 Source advisory: OSV:GHSA-MQCG-5X36-VFCG...
BIT-JAVA-2023-41074
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...
UBUNTU-CVE-2026-43124
In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...
DEBIAN-CVE-2026-31755
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...
JLSEC-2026-374
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...
UBUNTU-CVE-2026-5408
BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
CLSA-2026-1776948287 vim: Fix of CVE-2022-3234
CVE-2022-3234 fix heap buffer overflow in opreplace when replacing NUL after Tab in virtualedit mode...
UBUNTU-CVE-2026-41196
Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...
DEBIAN-CVE-2026-31513
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...