CVE-2026-8512

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

MiracleLinux 7 : glibc-2.17-106.el7.4 (AXSA:2016-096:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-096:01 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...

CVE-2022-50856

The CVE-2022-50856 entry applies to the Linux kernel, specifically the CIFS subsystem. The vulnerability was caused by an xid leak in cifs_ses_add_channel() where the xid was not freed before returning. A fix was applied to ensure the xid is freed, mitigating the leak. Affected versions/contexts ...

kernel: cifs: Fix oops due to uninitialised variable

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3inittransformrq to initialise buffer to NULL before calling netfsallocfolioqbuffer as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 8 : kernel (RHSA-2025:21083)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21083 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: mac80211: check S1G...

SUSE CVE-2022-49380

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fsbugon in decvalidnodecount As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable...

Internet Bug Bounty: [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

A vulnerability was discovered in Apache Tomcat where a race condition could be triggered on a Windows machine with a write-enabled default servlet, leading to remote code execution. The issue was caused by the case-insensitive nature of the file system, which allowed an uploaded file to be treat...

SUSE CVE-2024-49999

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afswaitforoperation, we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop...

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref CVE-2024-26735 kernel: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection CVE-2024-26993 For more details about the...

ALPINE-CVE-2023-34241

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...

client and idm:DL1 bug fix and enhancement update

An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

SUSE-SU-2021:2925-1 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed bsc1186428 - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling bsc1186429 - CVE-2021-0089: xen: Speculative Code Store Bypass bsc1186433 -...

DEBIAN-CVE-2018-4208

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks...

UBUNTU-CVE-2018-13096

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service out-of-bounds memory access and BUG can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image...

UBUNTU-CVE-2018-12930

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

Week in Security (August 7 – August 13)

Last week, we explained how security certificates work and how malware authors have used them to block security software from being downloaded and executed. We also showed how the Magnitude exploit kit is spreading a Cerber ransomware variant that uses binary padding in an attempt to get skipped,...

Third-party service side of the drain: Let's Encrypt leaked 7 6 1 8 name User email address-bug warning-the black bar safety net

! Let's Encrypt translated into Chinese called“let's encrypt”, in fact, this is one for the majority of the site free-issued SSL/TLS certificates of the project. Let's Encrypt the backing is not small, at the moment it is by the Linux Foundation managed to initiate the project of organizations...

Let's Encrypt Accidentally Spills 7,600 User Emails

Certificate authority Let’s Encrypt accidentally disclosed the email addresses of several thousand of its users this weekend. Josh Aas, Executive Director for the Internet Security Research Group ISRG, the nonprofit group that helped launch the CA, apologized for the error on Saturday. In what...

Fedora Update for bugzilla FEDORA-2012-0328

Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2012-0328 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...