4038 matches found
CVE-2026-55865 Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...
CVE-2026-54695
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...
CVE-2026-54695 Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...
UBUNTU-CVE-2026-53336
In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...
CVE-2026-53279
A flaw was found in the Linux kernel's drm/gma500/oaktraillvds component. This issue occurs during the initialization of the Low-Voltage Differential Signaling LVDS display interface. Due to improper error handling, the system may attempt to deregister an I2C adapter that is still in use, causing...
Linux Distros Unpatched Vulnerability : CVE-2026-53279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back ...
CVE-2026-53279
In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back to allocating and registering its own adapter. The error handling doe...
CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure
In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back to allocating and registering its own adapter. The error handling doe...
CVE-2026-53063
A flaw was found in the Linux kernel's device-mapper dm cache component. Incomplete logic within the invalidateremove function, which handles write operations after cache invalidation, can lead to a system hang. This occurs because the function sets up remapping for write operations but fails to...
Linux Distros Unpatched Vulnerability : CVE-2026-53063
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up...
EUVD-2026-38931
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwritebio but then drops it immediately...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release the per-CPU pgmap reference when vminsertpage fails. When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap does not invoke percpurefput to free the per-CPU reference to pgmap acquired after...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: libceph: The calctarget function should set t-paused, rather than simply clearing it. Currently, calctarget clears t-paused if the request should no longer be paused. However, it never sets t-paused, even though it can determine...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Viawdt: fixed a critical boot hang caused by unnamed resource allocation. The VIA watchdog driver uses allocateresource to reserve a MMIO region for the watchdog control register. However, the allocated resource was not given a...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: vhost-scsi: Fixed the handling of multiple calls to vhostscsisetendpoint. If vhostscsisetendpoint is called multiple times without a vhostscsiclearendpoint between them, we may encounter several bugs identified by Haoran Zhang...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: nilfs2: A potential block overflow issue that could cause system hangs has been fixed. When a user executes the FITRIM command, a underflow can occur when calculating nblocks, if the endblock is too small. Since nblocks is of the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: uacce: Fixed the handling of cdev in the cleanup path. When cdevdeviceadd fails, it internally releases the cdev memory. If cdevdevicedel is then executed, it will cause a hang error. To fix this issue, we check the return value ...
PT-2026-51957
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the dm cache passthrough mode where the invalidate remove function contains incomplete logic for handling write hit bios following cache invalidation. The system sets ...
UBUNTU-CVE-2026-47241
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...
SUSE-SU-2026:2490-1 Security update for libarchive
This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...