8349 matches found
PT-2026-52009
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the fsl-mc bus. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This lead...
PT-2026-52006
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the rtlwifi PCI component. The irq prepare bcn tasklet is initialized in rtl pci init and scheduled upon a RTL IMR BCNINT hardware interrupt. Because thi...
PT-2026-51842
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the I2C TIMEOUT ioctl. The function accepts a user-provided timeout value in multiples of 10 ms. Although the argument is checked against INT MAX, it is...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: asix: Proper error handling for USB read errors has been added. The Syzbot issue with the asix driver remains the same. The problem is still present—the asixreadcmd function reads fewer bytes than requested by the caller...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: Do not delete the error page from the page cache. This change is very similar to the change made for shmem 1. It addresses the same issue, but for the HugeTLBFS mechanism instead. Currently, when a poisoned HugeTLB pag...
Astra Linux – Vulnerability in Linux 5.15
A buffer overflow vulnerability was discovered in the Linux kernel’s Intel iSMT SMBus host controller driver. This vulnerability allows a local user to crash the system by triggering the I2CSMBUSBLOCKDATA function with malicious input data. source-iocs-preserved const=I2CSMBUS...
Astra Linux – Vulnerability in Linux 5.15
A buffer overflow vulnerability was discovered in the Linux kernel’s Intel iSMT SMBus host controller driver, particularly in its handling of the I2CSMBUSBLOCKPROCCALL case using the ioctl I2CSMBUS function. This flaw could allow a local user to cause the system to crash...
Astra Linux – Vulnerability in Intel Microcode
A failure in the protection mechanism of the bus lock regulator for certain IntelR processors may allow an unauthenticated user to potentially exploit the system to cause a denial of service through network access...
Astra Linux – Vulnerability in Linux 5.15
The rpmsgprobe function in the drivers/rpmsg/virtiorpmsgbus.c file in the Linux kernel, prior to version 5.18.4, contains a double-free issue...
CVE-2026-55740
Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...
CVE-2026-55740
Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...
CVE-2026-2604
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark
A flaw was found in the USB HID dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing an excessive consumption of memory, resulting in a denial of service...
CVE-2026-34021 Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sniffing and replay
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...
CVE-2026-12189
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...
PT-2026-49074
Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A race condition exists in the ChownProblemDir method of the abrt-dbus D-Bus service. The ChownProblemDir method opens the dump directory using DD OPEN READONLY and executes dd chown to...
CVE-2026-44786
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...
EUVD-2026-36560
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /webhookevents/ in Jobs::RedeliverWebHookEvents did not pass groupids, leaving the channel...