456494 matches found
EUVD-2026-38702
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
CVE-2026-52932
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
CVE-2026-52932
In CVE-2026-52932, the Linux kernel xfrm IPcomp path contains a fix to ensure that the allocated destination scatter-gather (dst SG) list is freed on error as well as on success, preventing potential resource leaks. The root cause is improper memory deallocation during error handling in the xfrm ...
CVE-2026-52932 xfrm: ipcomp: Free destination pages on acomp errors
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
CVE-2026-52932
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
Malicious code in bn-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...
MAL-2026-6376 Malicious code in bn-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...
MGASA-2026-0231 Updated opensc packages fix security vulnerabilities
These packages fix security vulnerabilities: CVE-2026-10275, A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is...
Updated podofo packages fix security vulnerabilities
Podofo v0.9.8 shares some of the vulnerable code that was discovered in Podofo v0.10.0. This package fixes that. CVE-2023-31567 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. CVE-2023-31568 Podofo v0.10.0 was discovered ...
Updated opensc packages fix security vulnerabilities
These packages fix security vulnerabilities: CVE-2026-10275, A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is...
MGASA-2026-0229 Updated podofo packages fix security vulnerabilities
Podofo v0.9.8 shares some of the vulnerable code that was discovered in Podofo v0.10.0. This package fixes that. CVE-2023-31567 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. CVE-2023-31568 Podofo v0.10.0 was discovered ...
Open Redirect
Nuxt is vulnerable to open redirect. The vulnerability is due to improper validation of path-normalized URLs in navigateTo, where specially crafted paths can bypass external-host checks after normalization, allowing attackers to redirect users to malicious websites and facilitate phishing attacks...
Cross Site Scripting
Nuxt is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input sanitization in the NoScript component, where untrusted slot content is written to innerHTML without escaping, allowing attackers to inject malicious scripts through user-controlled data that execute in the...
CVE-2026-9539
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
UBUNTU-CVE-2026-9539
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module
A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to...
CVE-2026-9539
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
EUVD-2026-38654
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
CVE-2026-9539 libslirp TCP URG OOB Read Information Leak
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
CVE-2026-9539 libslirp TCP URG OOB Read Information Leak
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...