7926 matches found
UBUNTU-CVE-2026-23258
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
UBUNTU-CVE-2026-23256
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
UBUNTU-CVE-2026-23257
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23261
CVE-2026-23261 corresponds to a Linux kernel NVMe over Fabrics issue where nvme_fc_init_ctrl leaks admin blk-mq resources if subsequent steps fail during controller setup. The fix ensures the admin_tagset is freed by checking ctrl->ctrl.admin_tagset in the fail_ctrl path and calling nvme_remov...
CVE-2026-23258 net: liquidio: Initialize netdev pointer before queue setup
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
CVE-2026-23258 net: liquidio: Initialize netdev pointer before queue setup
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
CVE-2026-23258
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
CVE-2026-23258
CVE-2026-23258 is acknowledged in OSV entries as a vulnerability present in the Linux kernel context via the Root:Ubuntu rootio-linux package. Ubuntu security advisories indicate patches are available for Ubuntu 22.04 LTS and 24.04 LTS (Root:Ubuntu:22.04 and Root:Ubuntu:24.04) with multiple fixed...
CVE-2026-23257 net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23256
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23256
CVE-2026-23256 relates to the Linux kernel and fixes an off-by-one error in the VF setup_nic_devices() cleanup (net: liquidio) that could leak memory. The Root:Ubuntu and Ubuntu OSV entries confirm patches in rootio-linux for Ubuntu 24.04 and 22.04 with multiple fixed kernel versions (e.g., kerne...
CVE-2026-23254
In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...
CVE-2026-2992
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...
CVE-2026-2992
The vulnerability affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin up to version 4.1.2. A missing authorization flaw exists on the REST endpoint /wp-json/kivicare/v1/setup-wizard/clinic, enabling unauthenticated attackers to create a new clinic and a WordPress user...
CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...
CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...
CVE-2026-32694
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...
CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...
WordPress plugin KiviCare 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Linux Distros Unpatched Vulnerability : CVE-2026-23261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl -...