30 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: reject userspace cifs.spnego descriptions. cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_targe...
CVE-2026-46243
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions. cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However,...
EUVD-2026-33668
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions. cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue of loading RxGK tokens to check bounds. The rxrpc_preparse_xdr_yfs_rxgk() function reads the raw key length and ticket length from the XDR token as u32 values. It rounds each value up to a multiple of 4 before using the...
PT-2026-45478
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11; Linux kernel versions prior to 6.18.34; Linux kernel versions prior to 6.12.92; Linux kernel versions prior to 6.6.142; Linux kernel versions prior to 6.1.175; Linux kernel versions prior to 5.15.209; Linux...
DEBIAN-CVE-2026-31641
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds. rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the rounded value for validation a...
CVE-2026-31641
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds. rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the rounded value for validation a...
CVE-2026-31641
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds. rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the rounded value for validation a...
CVE-2026-31641 rxrpc: Fix RxGK token loading to check bounds
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds. rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the rounded value for validation a...
CVE-2026-31641
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds. rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the rounded value for validation a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001268 advisory. The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000566)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000566 advisory. Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003159)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003159 advisory. security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002671 advisory. security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003032)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003032 advisory. The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002143)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002143 advisory. Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001971)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001971 advisory. Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption...
SUSE CVE-2016-8650
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent...
SUSE CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
Description: The Add Key functionality in the Application is vulnerable to CSRF attack. Proof of Concept: history.pushState('', '', '/') Impact: This vulnerability can let an attacker add data to the database without the knowledge/interaction of the user. Location: index.php#L1 References...