systemd security update
An update is available for systemd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The systemd packages contain systemd, a system and service manager for Linux,...
RLSA-2026:18029 Critical: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945). For more details about the security issues, including the impact, a CVSS...
openssl security update
An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transpo...
CVE-2026-43497
A flaw was found in the Linux kernel's udlfb driver. This use-after-free vulnerability occurs because the dlfb_ops_mmap function does not properly track active memory mappings. When the framebuffer is reallocated, existing memory page table entries (PTEs) are not invalidated. This allows a local...
CVE-2026-44055
A flaw was found in Netatalk. A bitwise or logic bug allows for shell injection. This vulnerability can enable an attacker to execute arbitrary code on the affected system...
CVE-2026-44076
A flaw was found in Netatalk. A local user with high privileges could exploit this vulnerability by injecting shell commands through a crafted volume path. This shell injection could lead to arbitrary code execution, allowing the attacker to gain full control over the affected system...
CVE-2026-8632
A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...
Possible arbitrary code execution during DNSSEC validation
...
CVE-2026-44049 Out-of-bounds write in convert_charset() null termination
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...
KLA91068 ACE vulnerability in Microsoft Office
A remote code execution vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-45659 Exploitation Related products Microsoft-SharePoint CVE list CVE-2026-45659 critical KB list 5002863 5002868 5002870...
MiracleLinux 9 : ruby:3.3 (AXSA:2026-706:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-706:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316). Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : nginx:1.22 (AXSA:2026-703:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-703:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945). Tenable has extracted the preceding description block directly from the MiracleLinux...
PT-2026-42429
Name of the Vulnerable Software and Affected Versions: Netatalk versions 3.1.0 through 4.4.2. Description: Insufficient sanitization of volume paths allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. This occurs through shell injection involvin...
MiracleLinux 9 : ruby-3.0.7-166.el9_7 (AXSA:2026-694:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-694:02 advisory. erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316). Tenable has extracted the preceding description block directly from the...
PT-2026-42688
Summary: Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...
PT-2026-42605
Summary: Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...
MiracleLinux 9 : nginx:1.26 (AXSA:2026-705:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-705:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945). Tenable has extracted the preceding description block directly from the MiracleLinux...
Linux Distros Unpatched Vulnerability : CVE-2026-24425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template...
PT-2026-42406
Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.0.4 through 4.4.2. Description: A stack-based buffer overflow occurs due to UCS-2 type confusion within the convert charset function. This allows a remote authenticated attacker to execute arbitrary code or cause a denial of...
Netatalk operating system command injection vulnerability
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a vulnerability related to operating system command injection. This vulnerability stems fr...