CLSA-2026-1774369958 openssh: Fix of CVE-2026-3497

CVE-2026-3497: replace incorrect use of sshpktdisconnect with sshpacketdisconnect and properly initialize variables...

gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the applicatio...

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Stack-based Buffer Overflow in gnutlspkcs11tokeninit Function CVE-2025-9820 gnutls: GnuTLS: Denial of Service vi...

ALSA-2026:5585 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Stack-based Buffer Overflow in gnutlspkcs11tokeninit Function CVE-2025-9820 gnutls: GnuTLS: Denial of Service vi...

ROS-20260324-73-0007

A vulnerability in the pptp component of the Linux operating system kernel is related to errors in variable initialization. Exploitation of the vulnerability allows an intruder to affect confidentiality, integrity and availability of protected information...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38400)

In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...

Siemens SIMATIC S7-1500 NULL Pointer Dereference(CVE-2025-38231)

In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromatwork to prevent NULL dereference In nfs4statestartnet, laundromatwork may access nfsdssc through nfs4laundromat - nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL point...

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuseuringinitqueue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numaalloclocal fails during iouring queue entry...

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuseuringinitqueue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numaalloclocal fails during iouring queue entry...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the SNI extraction when handling fragmented TLS ClientHello packets. An attacker can gain unauthorized access to services protected by mutual TLS by sending a fragmented ClientHello, causin...

SUSE CVE-2025-46299

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app...

SUSE CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

SUSE CVE-2026-23261

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

Linux Distros Unpatched Vulnerability : CVE-2025-46299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS...

EUVD-2026-12890

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

EUVD-2026-12896

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

DEBIAN-CVE-2026-23261

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

UBUNTU-CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

UBUNTU-CVE-2026-23263

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix page array leak d9f595b9a65e "iouring/zcrx: fix leaking pages on sg init fail" fixed a page leakage but didn't free the page array, release it as well...