OESA-2026-1998 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...
SUSE CVE-2026-31544
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier registration for unsupported events") the call chains leading to the helper __scmi_event_handler_get_ops() expect a...
SUSE CVE-2026-31560
In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...
SUSE CVE-2026-31613
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() returns success without any length validation, leaving the symlink parsers as the only defense against an...
SUSE CVE-2026-31621
In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliary_device_uninit() in error path When auxiliary_device_add() fails, the error block calls auxiliary_device_uninit() but does not return. The uninit drops the last reference and synchronously runs bnge_aux_dev_release(),...
SUSE CVE-2026-31645
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequent fdma_alloc_coherent() call fails, leaking the pool. Similarly, lan966x_fdma_init() frees the coherent DMA...
SUSE CVE-2026-31646
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() page_pool_create() can return an ERR_PTR on failure. The return value is used unconditionally in the loop that follows, passing the error pointer through...
SUSE CVE-2026-31654
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmap_region() commit 605f6586ecf7 ("mm/vma: do not leak memory when .mmap_prepare swaps the file") handled the success path by skipping get_file() via file_doesnt_need_get, but missed the error path. When /dev/zero...
Linux Distros Unpatched Vulnerability : CVE-2026-31621
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bnge: return after auxiliary_device_uninit() in error path When auxiliary_device_add() fails, the error block calls auxiliary_device_uninit() but does not return. The unini...
Linux Distros Unpatched Vulnerability : CVE-2026-31613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() returns success without any length...
Linux Distros Unpatched Vulnerability : CVE-2026-31645
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequent fdma_alloc_coherent() call fails,...
Linux Distros Unpatched Vulnerability : CVE-2026-31646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() page_pool_create() can return an ERR_PTR on failure. The return value is used unconditionally...
Linux Distros Unpatched Vulnerability : CVE-2026-31611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on match reads sid.sub_auth[2] as the file mode...
CVE-2026-31666
A flaw was found in the Linux kernel's btrfs filesystem. An incorrect return value in the lookup_extent_data_ref function can lead to the system believing a lookup succeeded when it did not. This can cause operations to be performed on the wrong extent tree item, potentially resulting in data...
CVE-2026-31658
A flaw was found in the Linux kernel's net: altera-tse network driver. When a Direct Memory Access (DMA) mapping error occurs in the tse_start_xmit function, the system fails to free the allocated socket buffer (skb). This oversight causes a memory leak with each DMA mapping failure, potentially leadin...
CVE-2026-31654
A flaw was found in the Linux kernel. When a shared memory mapping is created for /dev/zero, a memory leak can occur if the virtual memory area (VMA) allocation fails. This happens because a newly allocated file, intended to back the mapping, is not properly released in the error path, leading to...
CVE-2026-31645
A flaw was found in the Linux kernel's lan966x network driver. This vulnerability, a page pool leak, occurs when certain error paths in the lan966x_fdma_rx_alloc and lan966x_fdma_init functions fail to properly destroy allocated page pools. This oversight can lead to a gradual depletion of system memo...
CVE-2026-31621
A flaw was found in the Linux kernel's bnge driver. When an error occurs during device initialization, the driver fails to return after deallocating a device, leading to a null pointer dereference. This can cause system instability or a crash, resulting in a Denial of Service (DoS) for affected...
Prototype Pollution
Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDirectKeys function in mergeConfig. An attacker can force a request configuration to inherit attacker-controlled properti...
CVE-2026-31595
A flaw was found in the Linux kernel's pci-epf-vntb module. This vulnerability occurs due to improper handling of the cmd_handler work during the epf_ntb_epc_cleanup process. If the delayed work is not disabled before clearing BAR mappings and doorbells, the handler can attempt to access resources th...