69 matches found
CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...
CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...
PT-2026-45556
Name of the Vulnerable Software and Affected Versions FlexRIC version 2.0.0 Description A flaw allows a single SCTP connection to bind multiple xapp ids by sending multiple E42 SETUP REQUESTs. Upon disconnection, the system only cleans up resources for the first registered xapp id, leaving...
CVE-2026-45871
In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without releasing the locality acquired earlier. Use goto outerr to ensure...
Linux Distros Unpatched Vulnerability : CVE-2026-45871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the atmel-aes driver’s cleanup function, which only releases the first page of memory, resulting ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mshv: Error handling in mshvregionpin has been fixed. The current error handling has two issues: Firstly, the pinuserpagesfast function may return a short pin count less than the requested count but greater than zero when it...
curl: CURLOPT_HSTS_CTRL disables shared HSTS without share guard — use-after-free and double-free
Hi all, CURLOPTHSTSCTRL set to a value without CURLHSTSENABLE unconditionally frees the easy's HSTS object — even when that object is shared via a CURLSH. The result is a use-after-free and a double-free on the shared 48-byte struct hsts block when the share or any other linked easy is later torn...
CVE-2026-43888
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
EUVD-2026-29332
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
SUSE CVE-2026-43168
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...
CVE-2026-43168
CVE-2026-43168 concerns the Linux kernel OCFS2 reflink preserve cleanup issue. Multiple connected sources confirm a bug in the cleanup of preserved xattr entries: the last pointer should be shifted by one unit after an array entry cleanup, and the first entry may not be cleaned when xh_count is 1...
Linux Distros Unpatched Vulnerability : CVE-2026-43168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix reflink preserve cleanup issue commit c06c303832ec ocfs2: fix xattr array entry countedby error doesn't handle all cases and the cleanup job for...
Security Bulletin:Axios HTTP/2 Session Cleanup Logic State Corruption Bug Fixed in 1.13.2
Summary Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The...
DEBIAN-CVE-2026-31621
In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliarydeviceuninit in error path When auxiliarydeviceadd fails, the error block calls auxiliarydeviceuninit but does not return. The uninit drops the last reference and synchronously runs bngeauxdevrelease,...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios (CVE-2026-39865, CVE-2025-62718, CVE-2026-25639, CVE-2026-40175)
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios CVE-2026-39865, CVE-2025-62718, CVE-2026-25639, CVE-2026-40175. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-39865 DESCRIPTION: Axios is a promise based...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...