167 matches found
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
Moderate: Red Hat Security Advisory: libxslt security update
An update for libxslt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...
libxslt security update
An update is available for libxslt. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libxslt is a library for transforming XML files into other textual formats...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
CVE-2026-50221
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
Red Hat assisted-service 安全漏洞
Red Hat Assisted-Service is a backend service component provided by Red Hat Inc. in the United States, which offers REST APIs. It primarily serves the OpenShift ecosystem. There is a security vulnerability in Red Hat Assisted-Service. This vulnerability arises from writing the original key conten...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext The key information in wext.connect is not reset upon reconnection, and this can retain data from a previous connection. Resetting the key data prevents drivers or mac80211 from...
Astra Linux – Vulnerability in krb5
The file “lib/kadm5/kadmrpcxdr.c” in MIT Kerberos 5 also known as krb5 before versions 1.20.2 and 1.21.x before version 1.21.1 exposes an uninitialized pointer. A remotely authenticated user can cause a Kadmind crash. This occurs because the function xdrkadm5principalentrec does not validate the...
CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/setmasked payload length validateset accepted OVSKEYATTRMPLS as variable-sized payload for SET/SETMASKED actions. In action handling, OVS expects fixed-size MPLS key data struct ovskeympls. Use the...
JLSEC-2026-92
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
Linux Distros Unpatched Vulnerability : CVE-2026-23143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning:...
CVE-2026-23143
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtionet.c:429:46: warning: structure containing a flexible array...
UBUNTU-CVE-2026-23143
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtionet.c:429:46: warning: structure containing a flexible array...
PT-2026-8138
In the Linux kernel, the following vulnerability has been resolved: virtio net: Fix misalignment bug in struct virtnet info Use the new TRAILING OVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtio net.c:429:46: warning: structure containing a flexible arr...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000858)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000858 advisory. security/keys/bigkey.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allow...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992195)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992195 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext Key information in wext.connect is not reset on...
📄 libxslt Key Data Storage 1.1.38 Use-After-Free / Memory Corruption
libxslt Key Data Storage version 1.1.38 suffers from an improper handling of Result Value Trees RVTs when evaluating XSLT keys that can result in memory corruption...