CVE-2026-54228 Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

CVE-2026-23333

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

GHSA-5HC8-QMG8-PW27 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

Azure Linux 3.0 Security Update: kernel (CVE-2024-27012)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27012 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: restore set element...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001703 advisory. An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414399)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414399 advisory. An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to...

SUSE CVE-2023-53566

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix null deref on element insertion There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEM...

VulnCheck KEV: CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – Use a timestamp to check for set element timeout. A timestamp field was added at the beginning of the transaction; it is stored in the nftablespernetns area. The .insert, .deactivate, and syncgc functions...

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: netfilter: nf_tables: use timestamp to check for set element timeout

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2024-27397

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation In order to trigger the issue, it requires the ability to create user/net...

DEBIAN-CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

AZL-40546 CVE-2024-27397 affecting package hyperv-daemons for versions less than 6.6.56.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

UBUNTU-CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

CVE-2024-27397

...