
3208 matches found

Cvelist
added 2026/03/20 8:8 a.m. | 22 views

CVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels. IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...

CVSS 7.8 | EPSS 0.00123
Exploits: 0 | References: 8
CVE
added 2026/03/20 8:8 a.m. | 31 views

CVE-2026-23274

CVE-2026-23274 : In the Linux kernel, a bug in netfilter xt_IDLETIMER allows rev0 rules to reuse timers labeled as ALARM if a prior timer exists. This can cause mod_timer() to run on an uninitialized timer_list, triggering debug warnings and potentially a panic when panic_on_warn=1. The fix rejec...

CVSS 7.8 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2026/03/20 8:8 a.m. | 1 views

CVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels. IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...

CVSS 7.8 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 9
ATTACKERKB
added 2026/03/20 8:8 a.m. | 4 views

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels. IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...

CVSS 7.8 | AI score 5.6 | EPSS 0.00123
Exploits: 0 | References: 9 | Affected Software: 1
CNNVD
added 2026/03/20 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xt_IDLETIMER module allowing rev0 rules to reuse ALARM type timer labels. This could lead to a...

CVSS 7.8 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 5
UbuntuCve
added 2026/03/20 12:0 a.m. | 4 views

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels. IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...

CVSS 7.8 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 19
Tenable Nessus
added 2026/03/20 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels. IDLETIMER revision 0 rules...

CVSS 7.8 | AI score 5.4 | EPSS 0.00123
Exploits: 0 | References: 3
SUSE Linux
added 2026/03/19 10:34 a.m. | 6 views

Security update for freerdp

This update for freerdp fixes the following issue: CVE-2026-24491: Heap-use-after-free in video_timer additional fix bsc1257981. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...

CVSS 7.3 | AI score 5.7 | EPSS 0.00467
Exploits: 0 | References: 6
OSV
added 2026/03/19 10:34 a.m. | 1 views

SUSE-SU-2026:0933-1 Security update for freerdp

This update for freerdp fixes the following issue: - CVE-2026-24491: Heap-use-after-free in video_timer additional fix bsc1257981...

CVSS 8.7 | AI score 5.8 | EPSS 0.00467
Exploits: 0 | References: 4
NVD
added 2026/03/18 10:16 p.m. | 3 views

CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | EPSS 0.00148
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/18 9:27 p.m. | 2 views

CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/03/18 9:27 p.m. | 10 views

CVE-2026-32723

SandboxJS (affected: SandboxJS) prior to 0.8.35 suffers an execution-quota bypass due to a race condition on the global currentTicks.current shared state across concurrent sandboxes. Timer handlers are compiled at execution time using the global tick state rather than the scheduling sandbox’s tic...

CVSS 4.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/18 9:27 p.m. | 2 views

CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | AI score 6 | EPSS 0.00148
Exploits: 1 | References: 4
UbuntuCve
added 2026/03/18 11:16 a.m. | 6 views

CVE-2026-23245

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace. The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVSS 7.8 | AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 5
Drupal
added 2026/03/18 12:0 a.m. | 15 views

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery (CSRF), allowing the logout route to be triggered without user interaction...

CVSS 4.3 | AI score 5.5 | EPSS 0.00109
Exploits: 0 | References: 1
CNNVD
added 2026/03/18 12:0 a.m. | 3 views

SandboxJS race condition vulnerability

SandboxJS is a security assessment tool developed by the individual developer nyariv. Versions of SandboxJS prior to 0.8.35 contained a race condition vulnerability. This vulnerability stemmed from a timer’s execution quota bypass issue, which could allow, in multi-tenant scenarios, timer callbacks...

CVSS 4.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 2
OSV
added 2026/03/17 9:38 a.m. | 2 views

SUSE-SU-2026:0902-1 Security update for freerdp

This update for freerdp fixes the following issue: - CVE-2026-24491: Heap-use-after-free in video_timer additional fix bsc1257981...

CVSS 8.7 | AI score 5.8 | EPSS 0.00467
Exploits: 0 | References: 4
OSV
added 2026/03/16 4:43 p.m. | 2 views

GHSA-7P5M-XRH7-769R SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/16 4:43 p.m. | 6 views

SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/03/16 12:0 a.m. | 4 views

PT-2026-25822

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVSS 4.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 8