1422 matches found
CVE-2026-31787
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting. privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap on a privcmd mapping, the kernel splits the VMA via splitvma. Since...
CVE-2026-31787
CVE-2026-31787 affects the Linux kernel, specifically the xen/privcmd mapping flow. The root cause is a double-free in the VMA splitting path when userspace performs partial munmap() on a privcmd mapping. Because privcmd_vm_ops defines .close but not .may_split or .open, the kernel may_split() pe...
CVE-2026-31787 xen/privcmd: fix double free via VMA splitting
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting. privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap on a privcmd mapping, the kernel splits the VMA via splitvma. Since...
[SECURITY] Fedora 44 Update: python3.9-3.9.25-9.fc44
Python 3.9 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.9 package provides the "python3.9" executable: the...
PT-2026-36101
Name of the Vulnerable Software and Affected Versions: nanobot (affected versions not specified). Description: An issue exists where including the | character in a sender address allows an attacker to bypass the Channel allowlist. This bypass provides full access to the Agent Loop, exposing all tools,...
CLSA-2026-1777453408 Fix CVE(s): CVE-2026-35414
SECURITY UPDATE: incorrect matching of principals in the authorized_keys principals="..." option when a certificate principal contains a comma. - debian/patches/CVE-2026-35414.patch: fix match_principals_option to split on comma and compare principals exactly - CVE-2026-35414...
Linux Distros Unpatched Vulnerability : CVE-2026-31668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - seg6: separate dst_cache for input and output paths in seg6 lwtunnel. The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core and...
Malicious code in @ozon-complt/split (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c1f495268eb36a5d6c7f43e110ffb8cb58953bce375fdb4e6feb02818b3ce0 The package @ozon-complt/split was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3067 Malicious code in @ozon-complt/split (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c1f495268eb36a5d6c7f43e110ffb8cb58953bce375fdb4e6feb02818b3ce0 The package @ozon-complt/split was found to contain malicious code. Source: ghsa-malware...
GHSA-X2QX-6953-8485 GitPython: Unsafe option check validates multi_options before shlex.split transformation
Summary: clone validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the...
GitPython: Unsafe option check validates multi_options before shlex.split transformation
Summary: clone validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the...
CVE-2026-35375
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel. The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core and seg6_output_core. These two paths can perform the post-encap SID lookup ...
PT-2026-35020
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel. The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core and seg6_output_core. These two paths can perform the post-encap SID...
PT-2026-34940
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the KVM x86 component. This occurs when the emulator initiates a write using an on-stack local variable as the source, the write splits a page boundary,...
SUSE CVE-2026-6507
A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq...
SUSE CVE-2026-31456
In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault. The splitting of a PUD entry in walk_pud_range can race with a concurrent thread refaulting the PUD leaf entry, causing it to try walking a PMD range that has disappeared. A...
EUVD-2026-25024
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...