73864 matches found
CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...
CVE-2026-31689
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...
CVE-2026-6337
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...
Malicious code in @b2b_blocker/show_activation_error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79dc8a9f5dac0334c50b1129f725d9f0c98e7c1085624d74c6172ade69db8417 The package @b2bblocker/showactivationerror was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3115 Malicious code in @b2b_blocker/show_activation_error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79dc8a9f5dac0334c50b1129f725d9f0c98e7c1085624d74c6172ade69db8417 The package @b2bblocker/showactivationerror was found to contain malicious code. Source: ghsa-malware...
Malicious code in @activation_code/error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fec73b17468bf333bb1bf6a071209103b774e371dfbf9961ad522dbd006fff7d The package @activationcode/error was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3107 Malicious code in @activation_code/error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fec73b17468bf333bb1bf6a071209103b774e371dfbf9961ad522dbd006fff7d The package @activationcode/error was found to contain malicious code. Source: ghsa-malware...
kernel: iavf: Fix reset error handling
A deadlock condition exists in the linux kernel such that when calling iavfclose in iavfresettask error handling,doing so can lead to double call of napidisable thereby leading to a denial of service due to the deadlock...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions
A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
Aegra 资源管理错误漏洞
Aegra is a large-scale model application platform developed by Aegra Corporation, designed for building and orchestrating multi-step intelligent agent processes. The Aegra commit e9a89f version contains a resource management vulnerability, which stems from improper handling of the...
GPAC 缓冲区错误漏洞
GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC such as 26.03-DEV-rev105-g8f39a1eb3-master and earlier have a buffer error vulnerability. This vulnerability stems from the function elngboxread in the MP4Box component’s file src/isomedia/boxcodebase.c, which process...
PT-2026-35495
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the EDAC/mc component where the error path ordering in the edac mc alloc function is incorrect. When the mci-pvt info allocation fails, the system calls put device,...
Linux Distros Unpatched Vulnerability : CVE-2026-31666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix incorrect return value after changing leaf in lookupextentdataref After commit 1618aa3c2e01 btrfs: simplify return variables in lookupextentdataref,...
Fedora 44 : curl (2026-f13d888b0f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...