222 matches found
UBUNTU-CVE-2026-40553
Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...
CVE-2026-40553
Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...
CVE-2026-40553
CVE-2026-40553 affects GNU awk (gawk); a buffer/stack-based overflow in the extension/readdir.c ftype() routine can crash the process and, per the CVE description, potentially enable code execution, though this has not been confirmed. Vulnerable as of version 5.4.0 and earlier. No remediation det...
EUVD-2026-43495
Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...
OPENSUSE-SU-2026:21253-1 Security update for qemu
This update for qemu fixes the following issues: Update to version 10.0.11. Security issues fixed: - CVE-2026-3886: integer overflow leading to privilege escalation due to lack of proper validation of user-supplied data in the virtio-gpu driver bsc1268061. - CVE-2026-48914: heap buffer overflow d...
SUSE CVE-2026-53174
In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...
CVE-2026-53174
In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...
CVE-2026-53174 ovl: keep err zero after successful ovl_cache_get()
In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...
EUVD-2026-39265
In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...
PT-2026-52270
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ovl iterate merged function where the err variable is assigned the value of PTR ERRcache before verifying if cache is an error using IS ERRcache. When the operatio...
Siemens RUGGEDCOM RST2428P Permissive Regular Expression (CVE-2025-40271)
"In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...
EUVD-2026-34832
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ceph: A memory leak was fixed in cephreaddir when notelastdentry returns an error. lastreaddir was reset at the same time, and a comment was added explaining why lastreaddir is not freed when diremit returns false...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds read in addmissingindices. stbl is an s8 type, but it must contain offsets into slots that can range from 0 to 127. A bound check was added for this error, and the error code -EIO will be...
SUSE CVE-2026-31694
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
Linux Distros Unpatched Vulnerability : CVE-2026-31694
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dire...
CVE-2026-31694
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
CVE-2026-31694
Summary: CVE-2026-31694 fixes a Linux kernel FUSE directory-entry handling flaw. A malicious FUSE server could cause a 24-byte overflow by returning a dirent whose serialized size (based on namelen) exceeds a single PAGE_SIZE. The bug arises in fuse_add_dirent_to_cache(), which previously only ch...
CVE-2026-31694 fuse: reject oversized dirents in page cache
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
CVE-2026-31694 fuse: reject oversized dirents in page cache
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...