7470 matches found
SUSE-SU-2026:1723-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: - CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects bsc1263819...
CVE-2026-43269
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomicdestroystate callback After several commits, the slab memory increases. Some drmcrtccommit objects are not freed. The atomicdestroystate callback only put the framebuffer. Use the...
[SECURITY] Fedora 44 Update: squid-7.5-1.fc44
Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...
PT-2026-37609
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic destroy state callback After several commits, the slab memory increases. Some drm crtc commit objects are not freed. The atomic destroy state callback only put the framebuffer. Use...
GHSA-3R68-X3XC-RXPG wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Description Impact wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Description Impact wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...
SUSE-SU-2026:21492-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1263819...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nftct module not properly disposing of queued messages when it is removed, potentially leading to...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Skia objects after its release, which could allow remote attackers to exploit the vulnerability...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of V8 objects after its release, which could allow attackers to execute arbitrary code within a sandbox...
PT-2026-37305
Name of the Vulnerable Software and Affected Versions wireshark-mcp versions 1.1.5 and earlier Description wireshark-mcp exposes a wireshark export objects tool that accepts an attacker-controlled dest dir parameter and passes it to the --export-objects flag of tshark without mandatory path...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Version 3.10.4 of vm2 contains security vulnerabilities. Attackers can exploit these vulnerabilities to obtain host process objects...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: Block: Do not delete a queue kobject before its child kobjects are deleted. Kobjects are not supposed to be deleted before their child kobjects are deleted. Apparently, this is usually harmless; however, a warning will be trigger...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: “drm/gem-shmem: Use dmabuf from GEM object instance” has been reverted. This reversion is associated with the commit 1a148af06000e545e714fe3210af3d77ff903c11. The dmabuf field in the struct drmgemobject is not stable throughout t...
Astra Linux - уязвимость в wpa
A issue was discovered in Ubuntu wpasupplicant, resulting in the loading of arbitrary shared objects. This allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of wpasupplica...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: accel/ivpu: Fixed a race condition when unbinding BOs. Fixed a warning stating “Memory manager not cleaned during takedown” that occurs when ivpugembofree removes a BO from the BOs list before it is unmapped. Then,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to “Unset the parent pointer for all rate objects”. However, it only calls the driver-specific rateleafparentset or...
Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fixed a use-after-free of work objects after the cmid is destroyed The commit 59c68ac31e15 “iwcm: Free cmid resources on the last deref” simplified cmid resource management by freeing the cmid once all references to it...
Astra Linux - уязвимость в samba
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...