826 matches found
Rebuild <= 3.5.5 - Server-Side Request Forgery
There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component. id: CVE-2024-1021 info: name: Rebuild = 3.5.5 - Server-Side Request Forgery author: BMCel severit...
SUSE CVE-2026-53289
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...
Linux Distros Unpatched Vulnerability : CVE-2026-53289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM...
CVE-2026-53289
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...
UBUNTU-CVE-2026-53289
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...
EUVD-2026-39894
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...
CVE-2026-53289
In the Linux kernel ice driver, CVE-2026-53289 describes a NULL pointer dereference in ice_reset_all_vfs caused by ignoring the return value of ice_vf_rebuild_vsi(). If a VSI rebuild fails (e.g., during NVM firmware update), ice_vsi_rebuild_vsi leaves txq_map/rxq_map NULL and ice_vf_post_vsi_rebu...
PT-2026-52928
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ice reset all vfs function. The issue occurs because ice reset all vfs ignores the return value of ice vf rebuild vsi. If the VSI rebuild...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
EUVD-2026-38727
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
Oracle Linux 9 : libtiff (ELSA-2026-19363)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19363 advisory. 4.4.0-18 - rebuild 4.4.0-15.3 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159331 Tenable has extracted the preceding...
CVE-2026-48787
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Ice: Avoid bpfprog refcount underflow The Ice driver includes routines for managing XDP resources that are shared between the ndobpf operation and the VSI rebuild flow. The latter occurs, for example, when the user changes the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Ice: Fixed a NULL pointer dereferencing during VSI rebuild. Fixed a race condition where PTP periodic work ran while VSI was being rebuilt, potentially leading to access to NULL vsi-rxrings. The sequence was as follows: 1...
PT-2026-50608
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The rebuild.php front controller, used to clear caches and rebuild the container when a site is in an unexpected condition, fails to correctly validate the Host header against trusted hos...
OPENSUSE-SU-2026:20947-1 Security update for java-21-openj9
This update for java-21-openj9 fixes the following issues: Changes in java-21-openj9: - Make post scripts less noisy bsc1267355 - Use libalternatives instead of update-alternatives for distributions where libalternatives is available - Update to OpenJDK 21.0.11 with OpenJ9 0.59.0 virtual machine ...
Fedora 44 : rust-sequoia-cert-store / rust-sequoia-chameleon-gnupg / etc (2026-5c5f4f40a4)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5c5f4f40a4 advisory. - Update the sequoia-wot crate to version 0.15.2. - Update the sequoia-keystore crate to version 0.7.3. This includes a rebuild of all dependent applications...
EUVD-2026-34313
Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...
kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild
A flaw was found in the Linux kernel's ice network driver. A local attacker could exploit a race condition during the Virtual Station Interface VSI rebuild process. This flaw occurs when the Precision Time Protocol PTP periodic work attempts to access uninitialized memory, leading to a NULL point...
PT-2026-44907
Name of the Vulnerable Software and Affected Versions Froxlor version 2.3.6 Description A symlink-following flaw exists in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized keys within a customer-controlled home...