12196 matches found
CVE-2026-49188
The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...
CVE-2026-49188
The CVE-2026-49188 entry concerns the ai_cmd utility, which executes with full root permissions. The vulnerability arises because input received over a socket is piped directly to popen(), enabling unauthenticated users to cause arbitrary root commands to run. This is described in multiple source...
EUVD-2026-34205
The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...
CVE-2026-49188 Elevated Root Command Execution via ai_cmd Sockets
The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...
CVE-2026-49188
The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...
PT-2026-46145
The ai cmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...
kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...
CVE-2026-46267
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...
SUSE CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
USN-8373-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8370-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
EUVD-2026-33818
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
Ubuntu 25.10 / 26.04 LTS : OpenJDK 26 vulnerabilities (USN-8341-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8341-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
DEBIAN-CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
UBUNTU-CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
CVE-2026-10294 affects PackageKit up to 1.3.5. The vulnerable component is the API function g_file_test in src/pk-transaction.c. Manipulation of the argument frontend-socket leads to improper authorization. The issue can be exploited remotely, and the exploit has been disclosed publicly and may b...