Microsoft Exchange Server 跨站脚本漏洞

Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability. Attackers utilize thi...

Microsoft Exchange Server 代码问题漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...

CVE-2026-46132

A flaw was found in the Linux kernel's rtnetlink component. The rtnlfillvfinfo function declares a structure on the stack without full initialization. When processing RTMGETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...

CVE-2026-45930

A flaw was found in the Linux kernel's Multi-Channel Transport Protocol MCTP networking implementation. When processing a RTMGETNEIGH request, the system may return uninitialized data in the ndmsg pad bytes. This can allow a local attacker to obtain sensitive information from kernel memory, leadi...

CVE-2026-45845

The CVE-2026-45845 entry concerns the Linux kernel net/sched TAPRIO implementation. A NULL pointer dereference in taprio_dump_class can occur when a TAPRIO child qdisc is deleted and new == NULL in taprio_graft, leading to dereferencing child->handle during RTM_GETTCLASS dumps. The issue is re...

Linux Distros Unpatched Vulnerability : CVE-2026-45930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Tren...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed a potential “struct net” leak in inet6rtmgetaddr. It appears that if the user space provides a correct IFATARGETNETNSID value, but no IFAADDRESS or IFALOCAL attributes are set, inet6rtmgetaddr will return -EINVAL, alo...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: phonet: fixed the rtmphonetnotify function’s skb allocation. The fillroute function stores three components in the skb: - struct rtmsg - RTADST u8 - RTAOIF u32 Therefore, rtmphonetnotify should use: NLMSGALIGNsizeofstruct rtmsg...

EUVD-2026-25218

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

CVE-2026-31531

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the allocation of fixed-sized SKBs in the rtmgetnexthop function. This vulnerability may cause...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006936)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006936 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential struct net leak in inet6rtmgetaddr It seems that if userspace provides a...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006772)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006772 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential struct net leak in inet6rtmgetaddr It seems that if userspace provides a...

Release Information for Veeam ONE 13.0.1 RTM Patch 0

Update Applicability This "Patch 0" update for Veeam ONE 13.0.1 is strictly intended for deployments using the RTM release build 13.0.1.5860. If Veeam ONE 13.0.1 GA build 13.0.1.5924 is installed, this update can be ignored as it is not needed. All resolved issues listed in this article were foun...

DEBIAN-CVE-2025-39874

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

CVE-2025-39874 macsec: sync features on RTM_NEWLINK

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

CVE-2025-39874

CVE-2025-39874 - Linux kernel macsec feature synchronization race : The issue occurs in macsec feature updates where lower (real) and upper device feature states can become out of sync during ETHTOOL_SFEATURES handling, potentially causing a lock in the lower device while updating features. The r...

CVE-2025-39874 macsec: sync features on RTM_NEWLINK

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

Linux Distros Unpatched Vulnerability : CVE-2024-36946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phonet: fix rtmphonetnotify skb allocation fillroute stores three components in the skb: - struct rtmsg - RTADST u8 - RTAOIF u32 Therefore, rtmphonetnotify shou...