73676 matches found
NLnet Labs Unbound Buffer Error Vulnerability
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the use of incorrect counters in the DNSSEC verifier to calculate the write offset, resulting...
NVIDIA TensorRT Buffer Error Vulnerability
NVIDIA TensorRT is a software development toolkit provided by NVIDIA Corporation for the optimization of deep learning model inference and high-performance deployment. NVIDIA TensorRT has a buffer error vulnerability, which stems from out-of-bounds writes, potentially leading to data corruption...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021580)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021580 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info in walk_down_proc We handle errors here...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021603)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021603 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021622)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021622 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info xhci_alloc_stream_info allocates...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1647)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1647 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API...
NVIDIA Triton Inference Server Buffer Error Vulnerability
NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. NVIDIA Triton Inference Server has a buffer error vulnerability, which stems from out-of-bounds reads in the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021571 advisory. In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create sock_init_data attaches the allocated...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021644)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021644 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are...
Linux Distros Unpatched Vulnerability : CVE-2026-43397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach, drm_bridge_add is called to add the bridge. However, if samsung_dsim_register_te_irq...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021654)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021654 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode fails syzbot is reporting busy inodes after unmount, for...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021577)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021577 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new...
Linux Distros Unpatched Vulnerability : CVE-2026-43286
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 mm: hugetlb: fix incorrect fallback for subpool fixed an underflow error for...
Fedora 43 : mysql8.4 (2026-a7adf2637c)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a7adf2637c advisory. MySQL 8.4.9 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html Known issue: s390x-specific issue - zlib with DFLTCC...
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1638)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1638 advisory. Mitigation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain browser types the webbrowser.open API could have commands injected into the...
CVE-2023-7345
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
python-markdown: denial of service via malformed HTML-like sequences
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...
giflib: Giflib: Double-free vulnerability leading to memory corruption
A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...
Malicious code in openirf (PyPI)
Source: amazon-inspector cb17f2c97bd5a4cabcb86b5a51c9639749048f9675b6fa1d881e66d4d8b02958 pyproject.toml lists tdqm as a runtime dependency alongside numpy, scipy, and matplotlib. The package's source code imports tqdm the legitimate...
MAL-2026-4761 Malicious code in openirf (PyPI)
Source: amazon-inspector cb17f2c97bd5a4cabcb86b5a51c9639749048f9675b6fa1d881e66d4d8b02958 pyproject.toml lists tdqm as a runtime dependency alongside numpy, scipy, and matplotlib. The package's source code imports tqdm the legitimate...