ROS-20260403-73-0011

A vulnerability in the Linux operating system kernel is related to a flaw in the use of the assert function. Exploitation of the vulnerability allows an attacker to cause a denial of service...

EUVD-2026-17223

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

CVE-2026-22790

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

EUVD-2026-16197

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

Security update for systemd

This update for systemd fixes the following issues: CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. udev: check for invalid chars in various fields...

systemd: Local unprivileged user can trigger an assert

...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006302 advisory. When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size...

Linux Distros Unpatched Vulnerability : CVE-2026-29111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v2...

DEBIAN-CVE-2026-29111

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2026-29111

CVE-2026-29111: systemd local unprivileged user can trigger an assert via an unprivileged IPC API call with spurious data. The issue affects versions from v239 onward; older than v239 are not affected, while v249 and older exhibited stack overwriting, attacker-controlled content. Patches exist in...

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

UBUNTU-CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

CVE-2026-23555 Xenstored DoS by unprivileged domain

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

ROS-20260311-73-0004

Vulnerability in mongodb-org related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

SUSE SLES15 Security Update : valkey (SUSE-SU-2026:0848-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0848-1 advisory. Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character...

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...

ROS-20260310-73-0031

A vulnerability in the csnNormalize23 function of the OpenLDAP LDAP protocol implementation is related to a flaw in the use of the assert function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a malicious packet...

UBUNTU-CVE-2026-27015

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcardunpackreadsizealign libfreerdp/utils/smartcardpack.c:1703 allows a malicious RDP server to crash the FreeRDP client via a reachable WINPRASSERT → abort. The crash occurs in...