1253 matches found
PT-2026-39249
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. This occurs within the PfdChangeNotifier.FlushNotifications...
PT-2026-38969
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A synchronization bug exists in the amdgpu dma buf move notify function within the drm/amdgpu component. The issue occurs when a buffer object BO is moved by one process, requiring other...
SUSE CVE-2026-43103
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEVPRETYPECHANGE lapbethdatatransmit expects the underlying device type to be ARPHRDETHER. Returning NOTIFYBAD from lapbethdeviceevent makes sure bonding driver can not break this expectation...
CVE-2026-43103
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEVPRETYPECHANGE lapbethdatatransmit expects the underlying device type to be ARPHRDETHER. Returning NOTIFYBAD from lapbethdeviceevent makes sure bonding driver can not break this expectation...
PT-2026-37413
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the lapbether network driver where the lapbeth data transmit function expects the underlying device type to be ARPHRD ETHER. The issue is addressed by returning NOTIFY B...
AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers
Summary objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and renders it with PHPMailer::msgHTML. There is no HTML sanitization, character...
CVE-2026-7518
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
EUVD-2026-26542
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsinotifycommon The connector number extracted from CCI via UCSICCICONNECTOR is a 7-bit field 0-127 that is used to index into the connector array in ucsiconnectorchange. However, t...
CVE-2026-31729
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsinotifycommon The connector number extracted from CCI via UCSICCICONNECTOR is a 7-bit field 0-127 that is used to index into the connector array in ucsiconnectorchange. However, t...
CLSA-2026-1777614769 kernel: Fix of 13 CVEs
crypto: algifaead - Fix minimum RX size check for decryption - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl - crypto: authencesn - Fix src offset when decrypting in-place - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - crypto: authenc - use...
CVE-2026-7518 Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
CVE-2026-7518 Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
CVE-2026-7518
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...
CVE-2026-7518
Open5GS AMF SBI Endpoint (named path /namf-callback/v1/{id}/sdmsubscription-notify) is affected up to version 2.7.7. The vulnerability arises in amf_namf_callback_handle_sdm_data_change_notify where manipulation of changeItem.newValue leads to denial of service. The issue can be triggered remotel...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the amfnamfcallbackhandlesdmdatachangenotify function in the AMF...
DEBIAN-CVE-2026-31544
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...
CVE-2026-31544
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...
EUVD-2026-25437
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...
CVE-2026-31544
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...
CVE-2026-31544
The CVE-2026-31544 issue affects the Linux kernel firmware component arm_scmi, where the helper __scmi_event_handler_get_ops could yield a NULL instead of an ERR_PTR when an event handler is missing or not created. This caused a NULL dereference in the notify error path, potentially leading to a ...