311402 matches found
PT-2026-52947
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak and a use-after-free issue exist in the max77705 power supply driver. The driver fails to destroy the allocated workqueue during the remove process, leading to memory...
PT-2026-52939
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the enetc network driver regarding NTMP DMA (Direct Memory Access) operations. If the netc_xmit_ntmp_cmd function times out and returns an error, the pendi...
PT-2026-52950
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists where the fuse_dentry_revalidate function may be called with a dentry that has an uninitialized d_time variable. This behavior was identified using KMSAN, occurring when...
PT-2026-52895
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.37.0 through 1.37.4; Envoy versions 1.38.0 through 1.38.2. Description: The HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....
CVE-2026-38571
The CVE-2026-38571 case concerns the Tenda N300 F3 device (version V603), where the unauthenticated UART debug console stores WPA2 credentials in cleartext and does not require authentication for rr/wr memory read/write commands. This enables a physically proximate attacker to extract stored WPA2...
PT-2026-52937
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference occurs in the airoha_qdma_init_rx_queue function when queue entry or DMA descriptor list allocation fails. This happens because the ndesc variable is initializ...
PT-2026-52893
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.36.0 through 1.36.8; Envoy versions 1.37.0 through 1.37.4; Envoy versions 1.38.0 through 1.38.2. Description: A Use-After-Free (UAF) issue exists in the ext_authz HTTP filter when processing per-route authorization overrides...
PT-2026-52958
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The wbt_init_enable_default function uses WARN_ON_ONCE to check for failures from wbt_alloc and wbt_init. However, these are expected failure paths: wbt_alloc may return NULL during memo...
PT-2026-52961
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists during device shutdown where the vfio_pci_core_close_device function may not revoke DMABUF access before the function is disabled via vfio_pci_core_disable. This creates ...
PT-2026-52933
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...
PT-2026-52889
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.23.0 through 1.35.10; Envoy versions 1.36.0 through 1.36.6; Envoy versions 1.37.0 through 1.37.2; Envoy versions 1.38.0 through 1.38.0. Description: A flaw exists in the zstd decompressor implementation (ZstdDecompressorImpl). When...
PT-2026-52842
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: Kernel software running within a Host VM can send improper commands to the GPU Firmware. This allows the firmware to perform memory read or write operations...
ROS-20260626-73-0021
The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260626-73-0010
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SUSE SLES16: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2026:22177-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22177-1 advisory. This update for postgresql14 fixes the following issues. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on...
AlmaLinux 9 : thunderbird (ALSA-2026:29940)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:29940 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294); firefox: thunderbird: Information disclosure, sandbox escape in the...
Ubuntu 25.10 / 26.04 LTS : containerd-stable vulnerabilities (USN-8473-1)
The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8473-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd...
SUSE SLED15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:2580-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2580-1 advisory. This update for ImageMagick fixes the following issues ...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : containerd vulnerabilities (USN-8472-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8472-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibl...
SUSE SLES16: WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2026:22212-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22212-1 advisory. This update for webkit2gtk3 fixes the following issues. Update to version 2.52.4: CVE-2026-28847: processing maliciously crafted...