CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...

EUVD-2023-53102

Malicious code in bioql PyPI...

linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

PT-2025-18588 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to memory leaks in the Linux kernel, specifically in the napi get frags function. The problem occurs when tun get user is called, leading to memory leaks in tun na...

Important: kernel-livepatch-4.14.345-262.561

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-4.14.345-262.561 Issue Correction: Please ensure you have live patching enabled. Run yum update...

FreeBSD : www/awstats -- Partial absolute pathname (bba3f684-9b1d-11ed-9a3f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bba3f684-9b1d-11ed-9a3f-b42e991fc52e advisory. - In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the...

Denial Of Service (DoS)

eap7 is vulnerable to denial of service. The vulnerability exists because the lack of handling by the browser over HTTP/2 may cause overhead or application crashes. This flaw exists because of an incomplete fix for CVE-2021-3629...

Design/Logic Flaw

A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest...

Denial Of Service (DoS)

puma is vulnerable to denial of service DoS. The vulnerability exists as it was possible to monopolize a thread if the client does not reset and keeps requesting. This CVE exists due to an incomplete fix for CVE-2019-16770...

SUSE-SU-2021:1431-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2021-25329: Complete fix for CVE-2020-9484 bsc1182909...

Double free

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

CVE-2015-2265

The removebadchars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the 1 model or 2 PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...

CVE-2014-7824

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...

Integer overflow

Integer overflow in the rbaryfill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service crash or possibly have unspecified other impact via a call to the Arrayfill method with a start aka beg argument greater than ARYMAXSIZE. NOTE: this...

PT-2008-2963 · Red Hat · Cups +1

Name of the Vulnerable Software and Affected Versions: CUPS versions in Red Hat Enterprise Linux 3 and 4 Description: The issue is caused by an integer overflow in the pdftops filter in CUPS, which can be exploited by remote attackers to execute arbitrary code via a crafted PDF file. This issue i...

Important: Red Hat Security Advisory: samba security update

Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs discovered an integer overflow bug in Samba versions prior to 3.0.10. An...