9196 matches found
EUVD-2022-52713
RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins...
CVE-2026-13751
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...
CVE-2026-12856
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
CVE-2026-53278
A flaw was found in the Linux kernel's armmpam component. This vulnerability occurs when the destroycomponentcfg function is called from mpamdisable before the configuration array has been properly allocated. This can lead to a null pointer dereference, potentially causing a system crash and...
CVE-2026-53290
A flaw was found in the Linux kernel's drm/xe/eustall component. This vulnerability occurs because the drmdevput function is called before a stream is disabled and its resources are freed within xeeustallstreamclose. This timing issue can lead to a use-after-free condition, where device structure...
Squid Proxy - HTTP Authentication Credentials Disclosure
Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...
SUSE CVE-2026-53278
In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...
SUSE CVE-2026-53290
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
SUSE CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
Linux Distros Unpatched Vulnerability : CVE-2026-53260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in...
DEBIAN-CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
CVE-2026-53290
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
CVE-2026-53278
In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...
UBUNTU-CVE-2026-53278
In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...
CVE-2026-53322 vfio/pci: Clean up DMABUFs before disabling function
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
CVE-2026-53290 drm/xe/eustall: Fix drm_dev_put called before stream disable in close
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
CVE-2026-53290
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
CVE-2026-53290
CVE-2026-53290 relates to the Linux kernel DRM subsystem (xe/stall path). The issue occurs in xe_eu_stall_stream_close() where drm_dev_put() is invoked before the stream is disabled and its resources freed. If this drops the last reference, device structures may be freed while subsequent cleanup ...
CVE-2026-56368
A flaw was found in ImageMagick. This memory leak vulnerability exists in multiple coders that write raw pixel data, where allocated objects are not properly freed. A remote attacker can exploit this by processing specially crafted images, leading to memory exhaustion and a denial of service...