CentOS 9 : kernel-5.14.0-710.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-710.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et....

CVE-2026-43256

A flaw was found in the Linux kernel's media subsystem, specifically within the Qualcomm Camera Subsystem CAMSS Video Front End VFE driver. An out-of-bounds memory access can occur in the vfeisrregupdate function when processing interrupt service routines. This vulnerability arises because a loop...

CVE-2026-43219

In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Fix potential unregister of netdev that has not been registered yet If an error occurs during registernetdev for the first MAC in cpswregisterports, even though cpsw-slaves0.ndev is set to NULL, cpsw-slaves1.ndev...

CVE-2026-43256 media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

Linux Distros Unpatched Vulnerability : CVE-2026-43093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdpumemreg could leave us with insufficient space...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient header space validation in xdpumemreg. This vulnerability may lead to insufficient...

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +95 more potentially affected by CVE-2026-35397 via jupyter-server (>=2.0.0rc3 <=2.17.0)

jupyter-server PYPI version =2.0.0rc3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =3.0.0, =0.1.0, =0.0.1, =0.0.6 and more Source cves: CVE-2026-35397 Source advisory: SNYK:PYTHON-JUPYTERSERVER-16425698...

Astra Linux - уязвимость в leptonlib

Leptonica before 1.80.0 allows an over-reading of the heap-based buffer in rasteropGeneralLow, related to adaptmapreg.c and adaptmap.c...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: prevents reg-wait speculation. By using ENTEREXTARGREG instead of passing a user pointer along with arguments for the waiting loop, the user can specify an offset within a pre-mapped region of memory. In this case, offse...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally, zero filling would hide the missing initialization. However, setting descsize in regcreate incorrectly causes a crash: BUG: Unable to handle a page fault f...

CVE-2026-7601

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument regtype leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able...

CVE-2026-7601 Open5GS AMF gmm-handler.c denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument regtype leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able...

CVE-2026-7601 Open5GS AMF gmm-handler.c denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument regtype leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able...

CVE-2026-7601

The CVE-2026-7601 entry affects Open5GS (up to 2.7.6), specifically the AMF component via the gmm-handler.c function. The root cause is manipulation of the reg_type argument, which can cause a denial of service. The issue is remotely exploitable. A fix is available in Open5GS v2.7.7, with patch i...

PT-2026-36559

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.7 Description A remote denial of service issue exists in the AMF component within the src/amf/gmm-handler.c file. The flaw is triggered by the manipulation of the reg type argument. Recommendations Upgrade to...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of parameters regtype by unknown functions in...

JLSEC-2026-346

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FLreggclist of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

CVE-2026-35040

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...

GHSA-CJW9-GHJ4-FWXF fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification

⚠️ IMPORTANT CLARIFICATIONS Affected Configurations This vulnerability ONLY affects applications that: - Use RegExp objects not strings in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options - Configure patterns susceptible to catastrophic backtracking - Example: allowedAud...

EUVD-2026-20898

fast-jwt: Stateful RegExp /g or /y causes non-deterministic allowed-claim validation logical DoS...