Lucene search

27 matches found

OSV
added 2026/05/29 6:09 a.m. · 3 views

BELL-CVE-2026-46160

Bulletin has no description...

AI score 5.7 · EPSS 0.00024
Exploits 0 · References 1
OSV
added 2026/05/28 10:16 a.m. · 4 views

DEBIAN-CVE-2026-46139

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer. Commit 62e7dd0a39c2d "smb: common: change the data type of num_aces to le16" split struct smb_acl's le32 num_aces field into le16 num_aces and le16 reserved. The...

AI score 5.8 · EPSS 0.00024
Exploits 0 · References 1
OSV
added 2026/05/27 2:17 p.m. · 5 views

DEBIAN-CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when device_add_disk() fails. do_rbd_add() publishes the device with device_add() before calling device_add_disk(). If device_add_disk() fails after device_add() succeeds, the error path calls rbd_free_disk() directly and then later...

AI score 5.7 · EPSS 0.00032
Exploits 0 · References 1
OSV
added 2026/05/21 6:10 a.m. · 1 views

BELL-CVE-2026-43354

Bulletin has no description...

CVSS 5.5 · AI score 5.7 · EPSS 0.00013
Exploits 0 · References 1
OSV
added 2026/05/20 10:10 a.m. · 3 views

RHSA-2026:19160 Red Hat Security Advisory: firefox security update

Bulletin has no description...

CVSS 7.5 · AI score 5.7 · EPSS 0.00022
Exploits 0 · References 21
OSV
added 2026/05/01 3:16 p.m. · 1 views

DEBIAN-CVE-2026-43035

In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak. When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed...

CVSS 5.5 · AI score 5.7 · EPSS 0.00015
Exploits 0 · References 1
OSV
added 2026/05/01 3:16 p.m. · 1 views

DEBIAN-CVE-2026-31756

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop(). dwc2_gadget_exit_clock_gating() internally calls the call_gadget() macro, which expects hsotg->lock to be held since it does spin_unlock/spin_lock around the gadget driver...

CVSS 5.5 · AI score 5.7 · EPSS 0.00014
Exploits 0 · References 1
OSV
added 2026/05/01 3:16 p.m. · 1 views

DEBIAN-CVE-2026-31738

In the Linux kernel, the following vulnerability has been resolved: vxlan: validate ND option lengths in vxlan_na_create. vxlan_na_create() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLAD...

CVSS 5.5 · AI score 5.7 · EPSS 0.00015
Exploits 0 · References 1
OSV
added 2026/04/20 4:16 p.m. · 1 views

DEBIAN-CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

CVSS 4.6 · AI score 5.2 · EPSS 0.00018
Exploits 0 · References 1
OSV
added 2026/03/16 2:19 p.m. · 0 views

DEBIAN-CVE-2026-2921

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending o...

CVSS 7.8 · AI score 8.5 · EPSS 0.00041
Exploits 0 · References 1
OSV
added 2026/02/04 5:16 p.m. · 1 views

DEBIAN-CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow. In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size reported by firmware is used to calculate the copy length into item->iocb. However, the iocb member is...

AI score 5.3 · EPSS 0.00026
Exploits 0 · References 1
OSV
added 2026/01/15 6:07 a.m. · 0 views

BELL-CVE-2025-71138

Bulletin has no description...

CVSS 5.5 · AI score 6.9 · EPSS 0.00022
Exploits 0 · References 1
OSV
added 2025/11/11 4:15 p.m. · 0 views

DEBIAN-CVE-2025-13014

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

CVSS 8.8 · AI score 7.9 · EPSS 0.00067
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:43 a.m. · 6 views

CVE-2023-30669

Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.3 · EPSS 0.0004
Exploits 0 · References 1
OSV
added 2024/10/25 5:15 p.m. · 0 views

CVE-2024-10387

CVE-2024-10387 IMPACT: A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service...

CVSS 7.5 · AI score 5.8 · EPSS 0.06234
Exploits 0 · References 1
OSV
added 2024/07/11 3:15 p.m. · 3 views

CVE-2024-6679

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 9.8 · AI score 5.6
Exploits 0 · References 3
OSV
added 2023/10/08 4:15 a.m. · 0 views

CVE-2023-40642

In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVSS 5.5 · AI score 5.9
Exploits 0 · References 1
OSV
added 2023/08/31 12:14 p.m. · 0 views

BELL-CVE-2021-4193 CVE-2021-4193 does not affect BellSoft software

Bulletin has no description...

CVSS 5.5 · AI score 5.8 · EPSS 0.00562
Exploits 1 · References 1
Positive Technologies
added 2022/05/03 12:00 a.m. · 2 views

PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1

Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3. Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...

CVSS 8.7 · AI score 7.8 · EPSS 0.00055
Exploits 0 · References 23
CNNVD
added 2022/03/03 12:00 a.m. · 2 views

cmark-gfm input validation error vulnerability

cmark-gfm is an extended version of the C-reference implementation of CommonMark, a rationalized version with canonical Markdown syntax. cmark-gfm suffers from an input validation error vulnerability that could be exploited by an attacker to cause remote code execution in applications using the...

CVSS 9.8 · AI score 6.6 · EPSS 0.04189
Exploits 3 · References 15