156 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: The error related to directory read operations from nilfsfindentry is now propagated to the calling functions. Syzbot reported that a task hang occurred in vcsopen during a fuzzing test for nilfs2. The root cause of this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive – Properly handles the return of sgnentsforlen The return value of sgnentsforlen was assigned to a unsigned long in starfivehashdigest, causing negative error codes to be converted into large positive integers...
openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...
EUVD-2026-32301
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Handle probe errors properly The probe procedure of setupcard in caiaq driver doesn't treat the error cases gracefully, e.g. the error from sndcardregister calls sndcardfree but continues. This would lead to a UAF fo...
CVE-2026-46004
CVE-2026-46004 concerns the Linux kernel ALSA caiaq driver. The issue stems from the probe path in setup_card(), where error handling was insufficient: on certain errors the code could drop into non-fatal paths, risking a use-after-free (UAF) on subsequent caiaq-initiated calls. The patch introdu...
PT-2026-43871
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A Use-After-Free UAF issue exists in the caiaq driver of the Linux kernel. The setup card function does not handle error cas...
PT-2026-42801
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats X509 V ERR UNABLE TO GET ISSUER CERT...
CVE-2026-44074
A flaw was found in Netatalk. A remote attacker may cause a minor service disruption by triggering conditions that lead to multiple simultaneous error conditions. This occurs because Netatalk incorrectly combines multiple error values using a bitwise OR operation, resulting in incorrect error cod...
CVE-2026-44074 Bitwise OR of errno values
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...
CVE-2026-44074
Netatalk versions 2.1.0 through 4.4.2 are affected. The issue arises from combining multiple errno values with a bitwise OR, yielding incorrect error codes when several error conditions occur simultaneously. This may allow a remote attacker to trigger incorrect error-handling paths and cause a mi...
EUVD-2026-31247
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...
CVE-2026-44074
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc in lpfcsli4cgnparamsread. If kzalloc fails in lpfcsli4cgnparamsread, then we rely on lpfcreadobject’s routine to perform a NULL check on pdata. Currently, an early return error is thrown from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a3xx: Fixed error handling in a3xxgpuinit. These error paths now return 1 on failure, instead of a negative error code. This could lead to an Oops in the calling function. Another issue is that the check for "if ret !=...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fixed the error code msmParseDeeps. The SUBMITERROR macro converts the error code to a negative value. This additional '-' operation converts it back to a positive EINVAL. The error code is passed to ERRPTR; since...
EUVD-2026-14986
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
CVE-2026-21783 HCL Traveler is affected by sensitive information disclosure
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
CVE-2026-21783
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
PT-2026-27497
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
Information Exposure
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Information Exposure via the POST /store-api/account/login endpoint returning distinct error codes and echoing the probed email address. An attacker c...