70 matches found
CVE-2026-40264
A flaw was found in OpenBao. OpenBao's multi-tenant separation feature allows a privileged administrator in one tenant to revoke or renew a token belonging to another tenant if that token's accessors are leaked. This unauthorized token management could lead to a denial of service for the affected...
SUSE CVE-2026-40264
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, a tenant that leaks token accessors could have their token revoked or renewed by a privileged administrator in another tenant. This cross-namespace exposure is mitigated in version 2.5.3. The CVE entry not...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011166)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011166 advisory. In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb',...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007480)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007480 advisory. In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb',...
CVE-2026-32845
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse
Summary TemplateContext caches type accessors by Type only, but those accessors are built using the current MemberFilter and MemberRenamer. When a TemplateContext is reused and the filter is tightened for a later render, Scriban still reuses the old accessor and continues exposing members that...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the cgltfvalidate function when processing sparse accessors. An attacker can cause out-of-bounds reads and potential memory disclosure by supplying crafted glTF/GLB files with attacker-controlled size...
CVE-2026-32845
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...
CVE-2026-32845
Cgltf version 1.15 and earlier contains an integer overflow in cgltf_validate() when validating sparse accessors, enabling heap buffer over-reads of attacker-controlled size values in crafted glTF/GLB inputs. This leads to denial of service crashes and potential memory disclosure via cgltf_calc_i...
PT-2026-27144
Name of the Vulnerable Software and Affected Versions cgltf versions prior to 1.15 Description cgltf versions prior to 1.15 contain an integer overflow issue in the cgltf validate function when validating sparse accessors. This allows attackers to trigger out-of-bounds reads by providing speciall...
SUSE CVE-2022-50814
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sglsgenr KASAN reported this Bug: 17619.659757 BUG: KASAN: global-out-of-bounds in paramgetint+0x34/0x60 17619.673193 Read of size 4 at addr fffff01332d7ed00 by task readall/1507958...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2464)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: qla2xxx: Fix warning message due to adisc being flushedCVE-2022-49158 scsi: qla2xxx: Implement ref count for SRBCVE-2022-49159 tcp: add...
SUSE CVE-2022-50647
In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...
EUVD-2022-55709
In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...
CVE-2022-50647
In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...
UBUNTU-CVE-2022-50647
In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...