289 matches found

Tenable Nessus
added 2026/03/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005801 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe The size of array 'priv->ports' is...

CVSS 7.1 | AI score 5.8 | EPSS 0.00149
Exploits: 0 | References: 4
SUSE CVE
added 2026/02/19 12:26 a.m. | 3 views

SUSE CVE-2026-23228

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection On kthread_run failure in ksmbd_tcp_new_connection, the transport is freed via free_transport, which does not decrement active_num_conn, leaking this counter. Replace...

CVSS 5.3 | AI score 5.7 | EPSS 0.00118
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/18 2:53 p.m. | 3 views

CVE-2026-23228

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection On kthread_run failure in ksmbd_tcp_new_connection, the transport is freed via free_transport, which does not decrement active_num_conn, leaking this counter. Replace...

AI score 5 | EPSS 0.00118
Exploits: 0 | References: 8 | Affected Software: 1
Amazon
added 2026/02/18 12:0 a.m. | 10 views

Medium: alsa-lib

Issue Overview: alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1 function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without...

CVSS 4.6 | AI score 5.7 | EPSS 0.00191
Exploits: 0
Tenable Nessus
added 2026/02/18 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-23228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection On kthread_run failure in ksmbd_tcp_new_connection, the transport is freed via free_transport, which...

CVSS 5.5 | AI score 6.1 | EPSS 0.00118
Exploits: 0 | References: 2
SUSE CVE
added 2026/02/16 12:24 a.m. | 5 views

SUSE CVE-2026-23206

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc with ethsw->sw_attr.num_ifs as the element count. When the device reports zero interfaces...

CVSS 5.5 | AI score 5.3 | EPSS 0.00114
Exploits: 0 | References: 3
CVE
added 2026/02/14 4:27 p.m. | 23 views

CVE-2026-23206

Summary: CVE-2026-23206 affects the Linux kernel dpaa2-switch driver where zero interfaces (num_ifs == 0) caused a NULL-like ZERO_SIZE_PTR allocation and a kernel panic during probe. The issue stems from allocating arrays with kcalloc() using ethsw->sw_attr.num_ifs and dereferencing ports[0] i...

CVSS 5.5 | AI score 5.2 | EPSS 0.00114
Exploits: 0 | References: 6 | Affected Software: 1
Fedora
added 2026/02/11 1:0 a.m. | 7 views

[SECURITY] Fedora 42 Update: rust-num-conv-0.2.0-1.fc42

num_conv is a crate to convert between integer types without using as casts. This provides better certainty when refactoring, makes the exact behavior of code more explicit, and allows using turbofish syntax...

CVSS 7.5 | AI score 5.7 | EPSS 0.00443
Exploits: 1
Fedora
added 2026/02/10 1:34 a.m. | 6 views

[SECURITY] Fedora 43 Update: rust-num-conv-0.2.0-1.fc43

num_conv is a crate to convert between integer types without using as casts. This provides better certainty when refactoring, makes the exact behavior of code more explicit, and allows using turbofish syntax...

CVSS 7.5 | AI score 5.7 | EPSS 0.00443
Exploits: 1
Tenable Nessus
added 2026/02/10 12:0 a.m. | 6 views

Fedora 42 : atuin / bustle / envision / glycin / greetd / helix / etc (2026-6388b28850)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-6388b28850 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update...

CVSS 7.5 | AI score 5.6 | EPSS 0.00443
Exploits: 1 | References: 3
Tenable Nessus
added 2026/02/10 12:0 a.m. | 6 views

Fedora 43 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-f400579a21)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-f400579a21 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update...

CVSS 7.5 | AI score 5.6 | EPSS 0.00443
Exploits: 1 | References: 3
Tenable Nessus
added 2026/02/08 12:0 a.m. | 7 views

Fedora 44 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-1b11ddff94)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-1b11ddff94 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00443
Exploits: 1 | References: 2
Tenable Nessus
added 2026/02/08 12:0 a.m. | 6 views

Fedora 45 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-fd61fd216d)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-fd61fd216d advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00443
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/30 3:5 p.m. | 5 views

CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

CVSS 8.8 | AI score 5.9 | EPSS 0.00352
Exploits: 2 | References: 2
EUVD
added 2026/01/30 3:5 p.m. | 5 views

EUVD-2026-5023

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

CVSS 8.8 | AI score 5.9 | EPSS 0.00352
Exploits: 2 | References: 2
Positive Technologies
added 2026/01/30 12:0 a.m. | 6 views

PT-2026-5407

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.7.2. Description: ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...

CVSS 8.8 | AI score 5.9 | EPSS 0.00352
Exploits: 2 | References: 11
OSV
added 2026/01/29 8:16 p.m. | 5 views

AZL-75773 CVE-2026-25068 affecting package alsa-lib 1.2.9-1

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1 function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it...

CVSS 4.6 | AI score 6 | EPSS 0.00191
Exploits: 0 | References: 1
OSV
added 2026/01/29 8:16 p.m. | 4 views

UBUNTU-CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1 function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it...

CVSS 4.6 | AI score 6 | EPSS 0.00191
Exploits: 0 | References: 5
CVE
added 2026/01/29 7:8 p.m. | 57 views

CVE-2026-25068

Summary: CVE-2026-25068 affects alsa-lib versions 1.2.2 through 1.2.15.2 (before commit 5f7fe33). A heap-based buffer overflow in the topology mixer control decoder is caused by tplg_decode_control_mixer1() reading the untrusted num_channels from a .tplg file and using it as a loop bound without ...

CVSS 4.6 | AI score 6 | EPSS 0.00191
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/26 12:0 a.m. | 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004952)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004952 advisory. In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring and packet_notifier When packet_set_ring releases po-bindloc...

CVSS 4.7 | AI score 6.6 | EPSS 0.00288
Exploits: 0 | References: 4