9436 matches found
CVE-2025-68806 ksmbd: fix buffer validation by including null terminator size in EA length
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length. The smb2_set_ea() function, which handles Extended Attributes (EA), was performing buffer validation checks that incorrectly omitted the size of the null...
PT-2026-2613
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats(). Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR. BNXT_RE_OUT_OF_SEQ_ERR acts as...
MiracleLinux 8 : thunderbird-128.13.0-3.el8_10.ML.1 (AXSA:2025-10749:19)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10749:19 advisory. firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035...
MiracleLinux 7 : openssl-1.0.2k-26.0.4.el7.AXS7 (AXSA:2025-10514:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10514:03 advisory. CVE-2019-1563: fix information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey. CVEs: CVE-2019-1563. In situations where an attacker receives automated...
Tenda AX-3 security vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports the Wi-Fi 6 (802.11ax) standard for home networking environments. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate...
PT-2026-2588
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to handling block sizes during the mounting of NTFS file systems. Specifically, when mounting, the superblock's block size sb->s_blocksize is used...
MiracleLinux 7 : php-5.4.16-48.0.12.el7.AXS7 (AXSA:2025-10958:11)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10958:11 advisory. CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range and parse_char_class functions. CVEs: CVE-2017-9228. Tenable has extracted the preceding descripti...
kernel: mm: slub: avoid wake up kswapd in set_track_prepare
A deadlock (lock recursion) vulnerability exists in the Linux kernel such that when CONFIG_DEBUG_OBJECTS_TIMERS is set, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases) lock...
ROS-20260112-7381
A vulnerability in the sc16is7xx_set_baud function of the Linux operating system kernel is related to a flaw in the controlled area delimitations of the system. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260112-7325
A vulnerability in the btrfs_set_item_key_safe function of the Linux operating system kernel is related to synchronization errors when using a shared resource (a race condition). Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20260112-7315
A vulnerability in the fec_set_mac_address function of the drivers/net/ethernet/freescale/fec_main.c module of the Linux operating system kernel is related to insufficient resource locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
PT-2026-2034
Name of the Vulnerable Software and Affected Versions: UTT 进取 520W version 1.7.7-180627. Description: A security flaw exists in UTT 进取 520W version 1.7.7-180627. The strcpy function within the file /goform/ConfigWirelessBase is susceptible to a buffer overflow when the ssid argument is manipulated...
CVE-2026-21876
The OWASP Core Rule Set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...
PT-2026-3440
Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369_B20220309. Description: A flaw exists in the setWiFiBasicCfg function within the /cgi-bin/cstecgi.cgi file of the affected software. This issue is a buffer overflow that occurs when processing the ssid paramete...
CVE-2023-49430
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg...
CVE-2023-49437
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList...
CVE-2025-66051
CVE-2025-66051 affects the Vivotek IP7137 camera running firmware 0200a. A path traversal flaw allows an authenticated attacker to access resources outside the webroot via a direct HTTP request. The issue is linked to end-of-life status of the product and there is no expected fix. The vulnerabili...
CVE-2021-0437
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9...
CVE-2022-38831
Tenda RX9Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList...
CVE-2022-37175
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet...