
82 matches found

EUVD
added 2026/05/27 8:19 p.m., 3 views

EUVD-2026-32660

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial, udisks_drive_get_vendor, and udisks_drive_get_model directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...

4.6 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/27 12:0 a.m., 4 views

PT-2026-44110

Name of the Vulnerable Software and Affected Versions: pam_usb versions prior to 0.8.7. Description: In src/device.c, the return values of the functions udisks_drive_get_serial, udisks_drive_get_vendor, and udisks_drive_get_model are passed directly to strcmp without NULL checks. According to...

4.6 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits: 0 | References: 3

OSV
added 2026/05/22 7:53 a.m., 4 views

CLSA-2026-1779436377 cups: Fix of CVE-2026-27447

CVE-2026-27447: fix authorization bypass in cupsd by replacing case-insensitive username comparisons with byte-exact strcmp against pw->pw_name; also include upstream follow-up commit 849fba7d "Fix unauthenticated print policies", Issue 1557 to restore behavior for CUPSD_AUTH_NONE policies with named...

6.3 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 1 | References: 1

OSV
added 2026/05/05 2:12 a.m., 1 view

CLSA-2026-1777947165 Fix CVE(s): CVE-2026-35414

SECURITY UPDATE: authorized_keys principals="" option mismatches certificate principals containing comma characters. - debian/patches/CVE-2026-35414.patch: rewrite match_principals_option to split principal_list with strsep and compare with strcmp. - CVE-2026-35414...

8.1 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function. The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname...

5.5 CVSS | 6.6 AI score | 0.00014 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtlwifi: Fixed a global-out-of-bounds bug in rtl8812ae PhySetTxPowerLimit There is a reported global-out-of-bounds issue by KASAN: BUG: KASAN: Global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Reading of...

7.1 CVSS | 5.8 AI score | 0.00022 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013608 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmallo...

5.7 AI score | 0.00053 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2026/04/03 11:26 p.m., 3 views

SUSE CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser. Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use __builtin_dynamic_object_size when available" produces the warning below and an oops. Searchi...

4.7 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 16

NVD
added 2026/04/03 4:16 p.m., 2 views

CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser. Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use __builtin_dynamic_object_size when available" produces the warning below and an oops. Searchi...

5.5 CVSS | 0.00015 EPSS
Exploits: 0 | References: 8

UbuntuCve
added 2026/04/03 4:16 p.m., 3 views

CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser. Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use __builtin_dynamic_object_size when available" produces the warning below and an oops. Searchi...

5.5 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 8

OSV
added 2026/04/03 4:16 p.m., 2 views

UBUNTU-CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser. Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use __builtin_dynamic_object_size when available" produces the warning below and an oops. Searchi...

5.5 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 9

ATTACKERKB
added 2026/04/03 3:15 p.m., 1 view

CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser. Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use __builtin_dynamic_object_size when available" produces the warning below and an oops. Searchi...

5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2026/03/19 10:36 p.m., 2 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8 CVSS | 6 AI score | 0.00013 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/27 9:23 p.m., 1 view

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

4 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/26 6:16 p.m., 2 views

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

3.3 CVSS | 5.7 AI score
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/26 5:47 p.m., 2 views

CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/26 5:47 p.m., 8 views

CVE-2025-57784

CVE-2025-57784 refers to a Tomahawk authentication timing attack in the Hiawatha webserver (version 11.7) caused by the use of strcmp in the admin handling path, which could enable a local attacker to access the management client. The Red Hat and CVE records corroborate the issue as a local-timin...

4 CVSS | 6 AI score | 0.00015 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/01/26 12:0 a.m., 4 views

Hiawatha security vulnerabilities

Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by the use of strcmp, which may...

4 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/31 12:0 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992961)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992961 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit. There is a...

7.1 CVSS | 6.4 AI score | 0.00022 EPSS
Exploits: 0 | References: 4

NVD
added 2025/12/30 1:16 p.m., 1 view

CVE-2022-50866

In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...

0.00053 EPSS
Exploits: 0 | References: 9