CVE-2026-22994

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpfprogtestrunxdp syzbot is reporting unregisternetdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk patch found that a refcount is obtained at xdpconvertmdtobuff fr...

TencentOS Server 3: curl (TSSA-2025:0994)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0994 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

UBUNTU-CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

PT-2026-6137

In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size t signedness bug in unmap path arm lpae unmap returns size t but was returning -ENOENT negative error code when encountering an unmapped PTE. Since size t is unsigned, -ENOENT typically -2 becomes a...

SUSE CVE-2023-54106

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5einitreprx The memory pointed to by the priv-rxres pointer is not freed in the error path of mlx5einitreprx, which can lead to a memory leak. Fix by freeing the memory in the error path,...

Linux Distros Unpatched Vulnerability : CVE-2022-50752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid5: Remove unnecessary bioput in raid5readonechunk When running chunk-sized reads on disks with badblocks duplicate bio free/puts are observed:...

curl: libcurl: Curl out of bounds read for cookie path

An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site...

RHEL 9 : curl (RHSA-2025:23127)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23127 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP,...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

OPENSUSE-SU-2025:20090-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 - CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Other fixes: - tooloperate: fix...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988898)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988898 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata-readintopages When the network status is unstable, use-after-fr...

Linux Distros Unpatched Vulnerability : CVE-2025-39976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futexhashallocatedefault copyprocess uses the wrong...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: curl (UTSA-2025-987465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987465 advisory. 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2025-987455)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987455 advisory. 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear...

EUVD-2025-29014

Malicious code in bioql PyPI...

CVE-2025-9086 Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

Linux Distros Unpatched Vulnerability : CVE-2025-38409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the...

Linux Distros Unpatched Vulnerability : CVE-2025-22106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vmxnet3: unregister xdp rxq info in the reset path vmxnet3 does not unregister xdp rxq info ...

Linux Distros Unpatched Vulnerability : CVE-2024-27043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, pdvbdev...

Linux Distros Unpatched Vulnerability : CVE-2021-47015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bnxten: Fix RX consumer index logic in the error path. In bnxtrxpkt, the RX buffers are expected to complete in order. If the RX consumer index indicates an out...