CVE-2026-46280

A flaw was found in the Linux kernel's Heterogeneous Memory Management HMM test module. When a device mirror dmirror structure is freed, its associated device private pages are not properly migrated back to system memory. This can lead to a use-after-free condition where a dangling pointer to the...

EUVD-2026-35077

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-11522

CVE-2026-11522 describes a stack-based buffer overflow in the Tenda W20E firmware version 15.11.0.6, specifically in the formSetPortMirror function exposed via /goform/setPortMirror. By manipulating the portMirrorMirroredPorts argument, an attacker can trigger the overflow remotely. This vulnerab...

PT-2026-47307

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

EUVD-2026-34303

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

SUSE CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

UBUNTU-CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

CVE-2026-46023

The CVE describes a Linux kernel dm-mirror issue in create_dirty_log(): the arg count is computed as 2 + param_count before argc is validated, allowing an unsigned overflow when param_count approaches UINT_MAX. This can bypass the argc

CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

EUVD-2026-32404

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

Linux Distros Unpatched Vulnerability : CVE-2026-46023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Tightened bounds checking in decodemessage. The bounds checking was moved from encodemessage to decodemessage. This patch addresses the following issues: - Ensure that there is enough space for at least one header,...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed an oopsable condition in nfspageioaddrequest. Ensured that nfspageioerrorcleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also, changed the test in...