60259 matches found

CNNVD
added 2026/04/22 12:0 a.m., 10 views

fprime Input Validation Error Vulnerability

fprime is an open-source flight software and embedded system framework developed by NASA. Versions of fprime prior to 4.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from boundary-checking use of U32 addition, which allowed overflow bypasses, and the...

CVSS 9.8, AI score 6.4, EPSS 0.00428
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consume...

CVSS 8.8, AI score 7.4, EPSS 0.00507
Exploits: 0, References: 3

Tenable Nessus
added 2026/04/22 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013695)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013695 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: Fix OOB Write in hfs_asc2mac Syzbot reported a OOB Write bug: loop0: detected capacity change...

AI score 5.9, EPSS 0.00239
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 8 views

MiracleLinux 8 : thunderbird-140.9.1-1.el8_10.ML.1 (AXSA:2026-485:09)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-485:09 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of...

CVSS 9.8, AI score 6.3, EPSS 0.01052
Exploits: 1, References: 6

Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013450 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2writ...

CVSS 8.1, AI score 5.8, EPSS 0.01393
Exploits: 0, References: 7

Tenable Nessus
added 2026/04/22 12:0 a.m., 6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013508)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013508 advisory. In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write Honour the user given...

CVSS 5.5, AI score 6.6, EPSS 0.00159
Exploits: 0, References: 4

Positive Technologies
added 2026/04/22 12:0 a.m., 12 views

PT-2026-34581

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 4.9, AI score 5.9, EPSS 0.00356
Exploits: 0, References: 2

Exploit DB
added 2026/04/22 12:0 a.m., 87 views

Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation

Exploit Title: Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation Exploit Details: https://xavibel.com/2025/12/22/using-vulnerable-drivers-in-red-team-exercises/ Date: 8/12/2025 Exploit Author: Xavi Beltran Vendor Homepage:...

CVSS 8.7, AI score 5.7, EPSS 0.08963
Exploits: 8

CNNVD
added 2026/04/22 12:0 a.m., 8 views

uutils coreutils Security Vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability. This vulnerability stems from the mv utility’s check-time-to-use-time flaw during cross-device operations. The extended attribute retention logic utilizes...

CVSS 4.7, AI score 5.8, EPSS 0.00091
Exploits: 1, References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write on retry When a write subrequest...

CVSS 5.5, AI score 5.7, EPSS 0.00121
Exploits: 0, References: 3

Tenable Nessus
added 2026/04/22 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent...

CVSS 6.3, AI score 5.9, EPSS 0.00107
Exploits: 0, References: 3

Tenable Nessus
added 2026/04/22 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013741 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg...

CVSS 5.5, AI score 6.3, EPSS 0.00133
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013426)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013426 advisory. A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write...

CVSS 6.6, AI score 6.7, EPSS 0.01467
Exploits: 10, References: 3

Tenable Nessus
added 2026/04/22 12:0 a.m., 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013787 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: fix OOB Read in hfs_brec_find Syzbot reported a OOB read bug:...

AI score 5.6, EPSS 0.00237
Exploits: 0, References: 4

CVE
added 2026/04/21 11:58 p.m., 16 views

CVE-2026-41144

CVE-2026-41144 affects F Prime prior to 4.2.0. The vulnerability arises from an integer overflow in a bounds check: adding byteOffset and dataSize uses 32-bit unsigned addition that can wrap around. With a crafted DataPacket (e.g., byteOffset=0xFFFFFF9C, dataSize=100), the check is bypassed and a...

CVSS 9.8, AI score 6.7, EPSS 0.00428
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/04/21 11:58 p.m., 29 views

CVE-2026-41144 F´ (F Prime) has Integer Overflow in FileUplink

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

EPSS 0.00428
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/21 11:58 p.m., 3 views

CVE-2026-41144

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

AI score 6.7, EPSS 0.00428
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/04/21 11:58 p.m., 5 views

EUVD-2026-24577

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

AI score 6.7, EPSS 0.00428
Exploits: 0, References: 2

Vulnrichment
added 2026/04/21 11:58 p.m., 4 views

CVE-2026-41144 F´ (F Prime) has Integer Overflow in FileUplink

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

AI score 6.7, EPSS 0.00428
Exploits: 0, References: 2

OSV
added 2026/04/21 10:16 p.m., 3 views

ALPINE-CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when...

CVSS 8.4, AI score 5.6, EPSS 0.00165
Exploits: 0, References: 1