71 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-52987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collecte...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: fixed the issue with preserving cleanup for reflinks. The commit c06c303832ec “ocfs2: fixed the error where xattr array entries were not properly handled” does not handle all cases, and the cleanup of preserved xattr...
CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...
CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...
PT-2026-45556
Name of the Vulnerable Software and Affected Versions FlexRIC version 2.0.0 Description A flaw allows a single SCTP connection to bind multiple xapp ids by sending multiple E42 SETUP REQUESTs. Upon disconnection, the system only cleans up resources for the first registered xapp id, leaving...
CVE-2026-45871
In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without releasing the locality acquired earlier. Use goto outerr to ensure...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the atmel-aes driver’s cleanup function, which only releases the first page of memory, resulting ...
Linux Distros Unpatched Vulnerability : CVE-2026-45871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mshv: Error handling in mshvregionpin has been fixed. The current error handling has two issues: Firstly, the pinuserpagesfast function may return a short pin count less than the requested count but greater than zero when it...
curl: CURLOPT_HSTS_CTRL disables shared HSTS without share guard — use-after-free and double-free
Hi all, CURLOPTHSTSCTRL set to a value without CURLHSTSENABLE unconditionally frees the easy's HSTS object — even when that object is shared via a CURLSH. The result is a use-after-free and a double-free on the shared 48-byte struct hsts block when the share or any other linked easy is later torn...
CVE-2026-43888
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
EUVD-2026-29332
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
SUSE CVE-2026-43168
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...
CVE-2026-43168
CVE-2026-43168 concerns the Linux kernel OCFS2 reflink preserve cleanup issue. Multiple connected sources confirm a bug in the cleanup of preserved xattr entries: the last pointer should be shifted by one unit after an array entry cleanup, and the first entry may not be cleaned when xh_count is 1...
Linux Distros Unpatched Vulnerability : CVE-2026-43168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix reflink preserve cleanup issue commit c06c303832ec ocfs2: fix xattr array entry countedby error doesn't handle all cases and the cleanup job for...
Security Bulletin:Axios HTTP/2 Session Cleanup Logic State Corruption Bug Fixed in 1.13.2
Summary Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The...
DEBIAN-CVE-2026-31621
In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliarydeviceuninit in error path When auxiliarydeviceadd fails, the error block calls auxiliarydeviceuninit but does not return. The uninit drops the last reference and synchronously runs bngeauxdevrelease,...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...