5271 matches found
CVE-2026-23256
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23256 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23256
CVE-2026-23256 relates to the Linux kernel and fixes an off-by-one error in the VF setup_nic_devices() cleanup (net: liquidio) that could leak memory. The Root:Ubuntu and Ubuntu OSV entries confirm patches in rootio-linux for Ubuntu 24.04 and 22.04 with multiple fixed kernel versions (e.g., kerne...
CVE-2026-23256 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
UBUNTU-CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
Linux Distros Unpatched Vulnerability : CVE-2026-23257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The...
EUVD-2026-12542
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
GHSA-2W8X-224X-785M sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2026-4258
Affected software: sjcl (Stanford Javascript Crypto Library). Vulnerability: Improper verification of cryptographic signatures due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). This allows an attacker to recover a victim’s ECDH private key by sending crafted off-curve pub...
EulerOS Virtualization 2.12.1 : libarchive (EulerOS-SA-2026-1435)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...
EulerOS Virtualization 2.12.0 : libarchive (EulerOS-SA-2026-1492)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...
SUSE CVE-2026-29775
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...
Free real estate: GoPix, the banking Trojan living off your memory
Introduction GoPix is an advanced persistent threat targeting Brazilian financial institutions' customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automate...
CVE-2025-11500
CVE-2025-11500 affects Tinycontrol devices (tcPDU; LK3.5, LK3.9, LK4). When the secondary authentication (protecting non-interface resources) is disabled (default), an unauthenticated attacker on the local network can read the login page response and access a JSON payload containing usernames and...