3139 matches found
CVE-2026-56018
CVE-2026-56018 concerns JavaScript::Minifier::XS for Perl with memory leak in versions before 0.16. The root cause is that, in JsMinify (XS.xs), cleanup frees only NodeSet structures but not per-token contents buffers, and JsDiscardNode unlinks nodes without freeing their contents. As a result, e...
UBUNTU-CVE-2026-11979
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow intern...
CVE-2026-53322
A flaw was found in the Linux kernel's vfio/pci subsystem. During device shutdown, an improper order of operations in cleaning up Direct Memory Access Buffers DMABUFs before disabling the function creates a brief window. In this window, a device's Base Address Registers BARs could still be access...
CVE-2026-53284
A flaw was found in the Linux kernel's Btrfs filesystem. A local user performing specific filesystem operations could trigger an error during the writing of dirty extent buffers. This improper handling of the dirty pages I/O tree can prevent unsubmitted records from being cleaned up, leading to...
SUSE CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
net: mvpp2: refill RX buffers before XDP or skb use
...
EUVD-2026-31694
Hackney has unbounded buffer accumulation in WebSocket...
DEBIAN-CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
CVE-2026-53322
CVE-2026-53322 affects the Linux kernel’s vfio/pci subsystem. The issue occurs during device shutdown when vfio_pci_core_close_device() disables a function before calling vfio_pci_dma_buf_cleanup(), allowing a small window where the function’s MSE is cleared while DMABUF-access to BARs may still ...
EUVD-2026-39889
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53284
CVE-2026-53284 (Linux kernel, btrfs): The issue arises in btrfs_write_and_wait_transaction() where, after an error from btrfs_write_marked_extent(), the code still calls btrfs_extent_io_tree_release() to clear the dirty_pages io tree. This tree may contain records not yet submitted, and subsequen...
CVE-2026-53054
A flaw was found in the Linux kernel's Direct Rendering Manager DRM subsystem, specifically within the Qualcomm Adreno GPU MSM driver. An incorrect argument in the VMBIND UNMAP locking mechanism meant that certain objects involved in unmapping operations were not consistently locked. This could...
OPENSUSE-SU-2026:21066-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...
CVE-2026-53215
A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability occurs due to incorrect handling of receive RX buffers, where a buffer is returned to the hardware Buffer Manager BM pool after it has been passed to the eXpress Data Path XDP or attached to a socket buffer skb. This...
PT-2026-52961
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists during device shutdown where the vfio pci core close device function may not revoke DMABUF access before the function is disabled via vfio pci core disable. This creates ...
SUSE SLES12 Security Update : kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:2549-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2549-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: -...
Oracle Linux 8 : openssl (ELSA-2026-50323)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50323 advisory. - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolve...