UBUNTU-CVE-2026-46114

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

UBUNTU-CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

EUVD-2022-35211

Malicious code in bioql PyPI...

PT-2025-2592 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a confused deputy in the checkKeyIntent function of AccountManagerService.java, allowing a possible bypass of intent security checks. This could lead to the...

PT-2024-37050 · WordPress · The Newsletter - Api

Name of the Vulnerable Software and Affected Versions: The Newsletter - API v1 and v2 addon plugin for WordPress versions up to, and including, 2.4.5 Description: The issue allows unauthorized management of subscribers due to a PHP type juggling problem in the check api key function. This enables...

PT-2023-25257 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to unsafe deserialization in the checkKeyIntentParceledCorrectly function of AccountManagerService.java. This could lead to local escalation of privilege with no...

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

PT-2023-17923 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: A logic error in the checkKeyIntentParceledCorrectly function of ActivityManagerService.java can lead to a bypass of Parcel Mismatch mitigations. This issue could result in local...

CVE-2020-0338

In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-123700107...

Дырка в GNUPG

Если письмо содержит несколько подписанных частей, то проверяется целостность лишь последей части. Кроме того, программа производит обмен приватным ключем с сервером и некорректно проверяются сигнатуры файлов...