54645 matches found
CVE-2026-23362
A flaw was found in the Linux kernel's Controller Area Network CAN Broadcast Manager BCM module. When the RXRTRFRAME flag is set and a specific Remote Transmission Request RTR frame is received, the bcmtxlock was not properly initialized in the bcmrxsetup function. This missing initialization of...
EUVD-2026-15392
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...
CVE-2026-23381
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. Then, if...
CVE-2026-23391
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...
CVE-2026-23379
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'qsum' and 'qpsum'. Using unsigned int, the same integer size a...
CVE-2026-23328 accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmtchann mgmtchann may be set to NULL if the firmware returns an unexpected error in aie2sendmgmtmsgwait. This can later lead to a NULL pointer dereference in aie2hwstop. Fix this b...
CVE-2026-23320
Removed by vendor...
CVE-2026-23305
In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...
CVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lecarpclearvccs syzkaller reported a null-ptr-deref in lecarpclearvccs. This issue can be easily reproduced using the syzkaller reproducer. In the ATM LANE LAN Emulation module, the same atmvcc can...
CVE-2026-23280
CVE-2026-23280 affects the Linux kernel’s accel/amdxdna component. The issue is a size calculation overflow for the ubuf, which can lead to an undersized allocation and potential memory corruption. The root cause is improper handling of arithmetic when computing the ubuf size. The publicly docume...
CVE-2026-23280
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use checkaddoverflow helpers to validate the size calculation before allocati...
SUSE-SU-2026:1026-1 Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2025-67724: fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fixed HTTP header parameter parsing algorithm bsc1254904...
Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE-SU-2026:1012-1 Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...
SUSE CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...
SUSE CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
SUSE CVE-2026-28755
NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...