121 matches found
JLSEC-2026-731 In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when...
In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...
CVE-2026-7639
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...
CVE-2026-6101
The CVE-2026-6101 entry affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12). The vulnerability arises from unsafe ZIP extraction in ampforwp_save_local_font() plus inadequate cleanup that omits removal of nested directories/files, enabling auth...
EUVD-2026-25004
mknod: Device nodes created mislabeled on SELinux, with broken cleanup removedir on a node...
CVE-2026-44947
CVE-2026-44947 describes a missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher, affecting versions 2.13.0–2.13.7 and 2.14.0–2.14.3. The issue allows users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those per...
CVE-2026-53299
CVE-2026-53299 affects the Linux kernel net:airoha component. The vulnerability stems from premature initialization of ndesc in airoha_qdma_init_tx_queue; if queue entry list allocation fails, airoha_qdma_cleanup_tx_queue() may dereference a NULL queue entry array, potentially causing a DoS/syste...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fixed an issue where missing cleanup was performed after a getburstcount call failed. getburstcount may return -EBUSY when it times out. In such cases, st33zp24send returns directly without releasing the locality...
draw.io 跨站脚本漏洞
Draw.IO is an open-source configurable charting and whiteboard application. Versions of Draw.IO prior to 29.7.12 had a cross-site scripting vulnerability. This vulnerability occurred because the feature detection routine in the Text Format panel did not clean up the original cell labels, allowing...
CVE-2026-46235
In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164devsetup. If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the globa...
kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...
Linux Distros Unpatched Vulnerability : CVE-2026-45941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cxl/region: Do not attempt cleanup after a failure in cxlRegionAttach. Commit 5e42bcbc3fef “cxl/region: Decrement -nrtargets in case of errors in cxlRegionAttach” attempted to prevent initialization errors when -nrtargets...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: A buggy exit annotation for the remove function was removed. With tpd12s015remove marked with exit, this function is discarded when the driver is compiled as a built-in component. As a result, when the driv...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: Fixed possible memory leaks in dsaloopinit. kmemleak: Reported memory leaks in dsaloopinit: kmemleak: 12 new suspected memory leaks. Unreferenced object 0xffff8880138ce000 size 2048: comm "modprobe", pid 390, jiffies...
kernel: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...
EUVD-2026-28675
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to properly clean up the userspace infrastructure when force-feed initialization fails in the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the leakage of mechToken after the SPNEGO decoding fails. This vulnerability arises due to an err...