289 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the numkeys value provided by the user in the nvmeprreadkeys function. This...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005801)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005801 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is...
SUSE CVE-2026-23228
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...
CVE-2026-23228
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...
Linux Distros Unpatched Vulnerability : CVE-2026-23228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which...
Medium: alsa-lib
Issue Overview: alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...
SUSE CVE-2026-23206
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZEROSIZEPTR dereference when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc with ethsw-swattr.numifs as the element count. When the device reports zero interfaces...
CVE-2026-23206
Summary: CVE-2026-23206 affects the Linux kernel dpaa2-switch driver where zero interfaces (num_ifs == 0) caused a NULL-like ZERO_SIZE_PTR allocation and a kernel panic during probe. The issue stems from allocating arrays with kcalloc() using ethsw->sw_attr.num_ifs and dereferencing ports[0] i...
[SECURITY] Fedora 42 Update: rust-num-conv-0.2.0-1.fc42
numconv is a crate to convert between integer types without using as casts. This provides better certainty when refactoring, makes the exact behavior of code more explicit, and allows using turbofish syntax...
[SECURITY] Fedora 43 Update: rust-num-conv-0.2.0-1.fc43
numconv is a crate to convert between integer types without using as casts. This provides better certainty when refactoring, makes the exact behavior of code more explicit, and allows using turbofish syntax...
Fedora 43 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-f400579a21)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-f400579a21 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update...
Fedora 42 : atuin / bustle / envision / glycin / greetd / helix / etc (2026-6388b28850)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-6388b28850 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update...
Fedora 45 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-fd61fd216d)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-fd61fd216d advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update the...
Fedora 44 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-1b11ddff94)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-1b11ddff94 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update the...
CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
EUVD-2026-5023
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
PT-2026-5407
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.7.2 Description ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...
AZL-75773 CVE-2026-25068 affecting package alsa-lib 1.2.9-1
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...
UBUNTU-CVE-2026-25068
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...
CVE-2026-25068
Summary: CVE-2026-25068 affects alsa-lib versions 1.2.2 through 1.2.15.2 (before commit 5f7fe33). A heap-based buffer overflow in the topology mixer control decoder is caused by tplg_decode_control_mixer1() reading the untrusted num_channels from a .tplg file and using it as a loop bound without ...