CLSA-2026-1779212665 php: Fix of 14 CVEs
- CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx
- CVE-2018-5712: remove file name from phar stub error output XSS
- CVE-2018-10545: do not set PR_SET_DUMPABLE in php-fpm workers by default
- CVE-2018-10546: fail iconv_mime_decode on invalid multibyte sequences
- CVE-2018-10547: escape...
EUVD-2026-29943
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...
CVE-2026-43141 ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut. Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddown_pow_of_two will cause undefined behaviour and should not be performed. This...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg. When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset...
CVE-2026-31777
A flaw was found in the Linux kernel's ALSA ctxfi driver. The driver failed to properly validate the return value from the daio_device_index function. This oversight could lead to the driver making incorrect assumptions, potentially causing system instability. Mitigation: To mitigate this issue,...
USN-8198-1: Tornado vulnerabilities
It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958) It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...
USN-8198-1 python-tornado vulnerabilities
It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958) It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...
SUSE-SU-2026:21320-1 Security update for opensc
This update for opensc fixes the following issues:
- CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214).
- CVE-2025-66037: crafted input can cause an out-of-bounds read (bsc#1261218).
- CVE-2025-66038: improper compact-TLV length validation can lead to...
PT-2026-30184
In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request. Right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrary big, because it's the return value of dispat...
ROS-20260126-73-0053
A vulnerability in the virtiofs component of the Linux operating system kernel is related to improper validation of a function's return value. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-68792 tpm2-sessions: Fix out of range indexing in name_size
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size. 'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing...
ROS-20260112-7356
A vulnerability in the dcn3_clk_mgr_construct function of the drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c module of the Linux operating system kernel is related to a lack of return value validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
GHSA-G59M-GF8J-GJF5 AWS SDK for Rust v1 adopted defense in depth enhancement for region parameter value
Summary: This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...
CVE-2025-40072
In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mnt_ns_from_dentry before dereferencing. The function do_fanotify_mark does not validate if mnt_ns_from_dentry returns NULL before dereferencing mntns->user_ns. This causes a NULL pointer dereference i...
EUVD-2022-54679
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters. When the NTFS BOOT sectors_per_clusters field is 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). Return...
WordPress plugin Web Accessibility By accessiBe cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
EUVD-2017-6387
Malware in sbrugna...
EUVD-2021-26000
Malware in sbrugna...
EUVD-2021-21747
Malware in sbrugna...
EUVD-2010-0433
Malware in sbrugna...