CVE-2026-46064
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasm_send_i2o_message() The ibmasm_send_i2o_message() function uses get_dot_command_size() to compute the byte count for memcpy_toio(), but this value is derived from user-controlled fields in the dot_command_header...
CVE-2026-45994
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...
CVE-2026-45975
In the Linux kernel, the following vulnerability has been resolved: ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...
UBUNTU-CVE-2026-46064
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasm_send_i2o_message() The ibmasm_send_i2o_message() function uses get_dot_command_size() to compute the byte count for memcpy_toio(), but this value is derived from user-controlled fields in the dot_command_header...
UBUNTU-CVE-2026-45979
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpu_cs_parser_bos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpu_bo_list_put as it's been handled in the amdgpu_cs_parser_fini...
UBUNTU-CVE-2026-45994
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...
CVE-2026-36540
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skkset.cgi endpoint. The password and newpwdconfirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by...
CVE-2026-36044
@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...
CVE-2026-46598 vulnerabilities
Vulnerabilities for packages: flux, istio, docker-cli-buildx, kots, kaf, kubernetes, nerdctl, argo-cd, aactl, containerd, prometheus-operator, external-dns, cilium-cli, k3s, kubernetes-dashboard, opentofu, knative-serving, rancher-agent, podman, spire-server, gitlab-kas, kine, minio, loki,...
CVE-2026-39834 vulnerabilities
Vulnerabilities for packages: docker-cli-buildx, eksctl, nfpm, terraform-provider-azapi, crossplane-provider-azure-managedidentity, argo-cd, cloudflared, kubescape, flux-notification-controller, aactl, flux-operator, wolfictl, go-discover, opentofu, knative-serving, osv-scanner, spire-server,...
CVE-2026-39828 vulnerabilities
Vulnerabilities for packages: flux, istio, kots, skaffold, kaf, kubernetes, nerdctl, argo-cd, kubescape, aactl, containerd, prometheus-operator, external-dns, cilium-cli, k3s, kubernetes-dashboard, knative-serving, rancher-agent, osv-scanner, spire-server, gitlab-kas, kine, argocd-image-updater,...
CVE-2026-46595 vulnerabilities
Vulnerabilities for packages: trivy-fips, kyverno-fips, argo-cd, kubescape, aactl, kube-state-metrics, opentofu, knative-serving, osv-scanner, spire-server, gitlab-kas, argo-cd-fips, seaweedfs-rocksdb, flux-source-controller, knative-serving-fips, seaweedfs-rocksdb-fips, argocd-image-updater-fips...
CVE-2026-39832 vulnerabilities
Vulnerabilities for packages: trivy-fips, docker-cli-buildx, kyverno-fips, prometheus-podman-exporter, nfpm, argo-cd, kubescape, docker-cli-buildx-fips, packer, aactl, wolfictl, kube-state-metrics, go-discover, opentofu, knative-serving, osv-scanner, spire-server, gitlab-kas, argo-cd-fips,...
USN-8321-1: Papers vulnerability
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...
USN-8321-1 papers vulnerability
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...
CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasm_send_i2o_message() The ibmasm_send_i2o_message() function uses get_dot_command_size() to compute the byte count for memcpy_toio(), but this value is derived from user-controlled fields in the dot_command_header...
EUVD-2026-32446
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasm_send_i2o_message() The ibmasm_send_i2o_message() function uses get_dot_command_size() to compute the byte count for memcpy_toio(), but this value is derived from user-controlled fields in the dot_command_header...
CVE-2026-46064
The CVE-2026-46064 issue affects the Linux kernel’s ibmasm path. The ibmasm_send_i2o_message() helper derives the memcpy_toio() byte count from user-controlled dot_command_header fields (command_size: u8, data_size: u16) via get_dot_command_size(), but does not validate against the actual allocat...
CVE-2026-46038
CVE-2026-46038 affects the Linux kernel’s net: qrtr: ns code. The issue is a memory leak where the nameserver fails to free the node memory after processing a BYE packet, potentially persisting when a node goes down. The fix modifies the BYE handling to remove the node from the Xarray list and fr...