2507 matches found
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /approve command. An attacker can gain unauthorized approval or denial of pending execution requests by sending specially crafted chat messages through a...
SUSE CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
Linux Distros Unpatched Vulnerability : CVE-2026-23153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is...
SUSE CVE-2026-23188
In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: DPM device timeout after 10 seconds; 15 seconds until panic Call Trace: schedule+0x483/0x1370...
CVE-2026-23153
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when processing AR response event. This causes a race condition bug when processing AT request completi...
CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
UBUNTU-CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
UBUNTU-CVE-2026-23158
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...
CVE-2026-23173 net/mlx5e: TC, delete flows only for existing peers
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...
CVE-2026-23158 gpio: virtuser: fix UAF in configfs release path
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...
CVE-2026-23158 gpio: virtuser: fix UAF in configfs release path
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guardmutex to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutexunlock to operate ...
CVE-2026-23153
CVE-2026-23153 concerns the Linux kernel regarding a race condition in the FireWire core when enumerating the transaction list without a lock during AR response processing, potentially impacting AT request completion handling. The issue is resolved by moving the timer start for split-transaction ...
CVE-2026-23137
CVE-2026-23137 (Linux kernel). In unittest_data_add() a memory leak could occur if of_resolve_phandles() failed, leaving unittest_data allocated. The fix uses a scope-based cleanup helper (__free(kfree)) to automatically free unittest_data on error paths, and retain_and_null_ptr() on the success ...
CVE-2026-23137 of: unittest: Fix memory leak in unittest_data_add()
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
EUVD-2026-5900
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
CVE-2026-23137
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
CVE-2026-23137 of: unittest: Fix memory leak in unittest_data_add()
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittestdataadd In unittestdataadd, if ofresolvephandles fails, the allocated unittestdata is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper freekfree for...
SUSE CVE-2026-23989
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...
SUSE CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle's agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out-of-scope containers for example, env=prod on the same agen...