VIR Vulnerability Intelligence Relay

Search

Found 26,724 results in 1292ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31664 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire aft…
CVE-2026-31661 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size dma_alloc_consistent() may change the size to align it. The new size is saved in all…
CVE-2026-31660 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. T…
CVE-2026-31658 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() When dma_map_single() fails in tse_start_xmit(), the funct…
CVE-2026-31655 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled Keep the NOC_HDCP clock always enabled to fix the potential hang cause…
CVE-2026-31654 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in __mmap_region() commit 605f6586ecf7 ("mm/vma: do not leak memory when .mmap_prepare swaps the file") h…
CVE-2026-31653 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails damon_call() for repeat_call_control of DAMON_SYSFS could fail …
CVE-2026-31651 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data…
CVE-2026-31647 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local loc…
CVE-2026-31646 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() page_pool_create() can return an ERR_PTR on failu…
CVE-2026-31645 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subseq…
CVE-2026-31643 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be leaked in a few error …
CVE-2026-31642 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather t…
CVE-2026-31639 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call->key When creating a client call in rxrpc_alloc_client_call(), the code obtains a r…
CVE-2026-31634 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by ch…
CVE-2026-31632 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgk_verify_response() Fix rxgk_verify_response() to clean up the rxgk context it creates.
CVE-2026-31628 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operatio…
CVE-2026-31625 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event() Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event …
CVE-2026-31624 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a va…
CVE-2026-31623 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() A malicious USB device claiming to be a CDC Phonet modem can over…
CVE-2026-31621 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliary_device_uninit() in error path When auxiliary_device_add() fails, the error block calls auxiliary_dev…
CVE-2026-31620 medium 4.6 4.6 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can hav…
CVE-2026-31619 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value su…
CVE-2026-31618 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divid…
CVE-2026-31617 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() The block_len read from the host-supplied NTB header is checke…
CVE-2026-31616 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow the skb_shared_info…
CVE-2026-31615 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers ext…
CVE-2026-31610 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incremen…
CVE-2026-31606 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev…
CVE-2026-31605 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide…
CVE-2026-31604 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while …
CVE-2026-31603 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz() ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating that p…
CVE-2026-31601 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migratio…
CVE-2026-31599 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidt…
CVE-2026-31596 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend [BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 [#1] SMP…
CVE-2026-31595 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR mappings a…
CVE-2026-31594 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is …
CVE-2026-31593 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VM…
CVE-2026-31592 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Take and hold kvm->lock for before checking sev_guest() i…
CVE-2026-31591 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for…
CVE-2026-31590 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Drop the WARN in sev_pin_memory() on npages overflowing an in…
CVE-2026-31585 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on start_streaming failure syzbot reported a memory leak in vidtv_psi_service_desc_init…
CVE-2026-31579 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wg_netns_pre_exit() manually acquires rtnl_lock…
CVE-2026-31577 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is in…
CVE-2026-31575 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the …
CVE-2026-31574 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed …
CVE-2026-31573 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable …
CVE-2026-31572 medium 4.7 4.7 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the com…
CVE-2026-31571 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier unlink_nv12_plane() will clobber parts of the plane state potentially already set up by plan…
CVE-2026-31567 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask() stac…
CVE-2026-31565 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix deadlock during netdev reset with active connections Resolve deadlock that occurs when user executes netdev reset…
CVE-2026-31564 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() In function kvm_eiointc_regs_access(), the register bas…
CVE-2026-31562 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register The call to mipi_dsi_host_register triggers a callbac…
CVE-2026-31561 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so …
CVE-2026-31560 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. …
CVE-2026-31559 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to…
CVE-2026-31556 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchk_quota_item can return early after calling xchk_fblock_process_er…
CVE-2026-31555 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futex_lock_pi() retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex…
CVE-2026-31551 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_wr…
CVE-2026-31550 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835_asb_control() function uses a tight polling loop to wait f…
CVE-2026-31549 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name bu…
CVE-2026-31547 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_ru…
CVE-2026-31546 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the rx_has…
CVE-2026-31545 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This fixes a `WARN_ON' and allows the driver to…
CVE-2026-31544 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier reg…
CVE-2026-31543 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying() …
CVE-2026-31542 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes a pan…
CVE-2026-31540 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the set_de…
CVE-2026-31537 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data …
CVE-2026-31535 medium 4.7 4.7 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_i…
CVE-2026-5265 medium 6.5 6.5 FIX slesdebian debian 1mo ago When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total leng…
CVE-2026-41043 medium 5.5 debian debian 1mo ago Apache ActiveMQ Vulnerable to Cross-site Scripting
CVE-2026-23865 medium 5.3 5.3 FIX rheldebian debian sles freetype 1mo ago RHSA-2026:9689: java-21-openjdk security update (Important)
CVE-2026-2708 medium 5.3 5.3 debian debian sles rhel gnome 1mo ago A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each hea…
CVE-2026-39973 unknown FIX debian debian 1mo ago Apktool: Path Traversal to Arbitrary File Write
CVE-2026-28525 medium 6.8 6.8 FIX debian debian swupdate 1mo ago SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTT…
CVE-2026-41240 medium 6.1 6.1 FIX debian debian cure53 1mo ago DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TA…
CVE-2026-31531 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() When querying a nexthop object via RTM_GETNEXTHOP, the kernel curren…
CVE-2026-41314 medium 6.5 6.5 debian debian pypdf_project 1mo ago pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
CVE-2026-6019 medium 6.1 6.1 FIX slesdebian debian python 1mo ago http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the gen…
CVE-2026-35364 medium 5.5 FIX debian debian 1mo ago uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-35363 medium 5.5 FIX debian debian 1mo ago uutils coreutils has a Path Traversal issue
CVE-2026-35360 medium 5.5 debian debian 1mo ago uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-35359 medium 5.5 FIX debian debian 1mo ago uutils coreutils has a Link Following issue
CVE-2026-35357 medium 5.5 FIX debian debian 1mo ago uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-35356 medium 5.5 FIX debian debian 1mo ago A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a seco…
CVE-2026-35355 medium 5.5 FIX debian debian 1mo ago The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and t…
CVE-2026-35354 medium 5.5 FIX debian debian 1mo ago uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition
CVE-2026-35351 medium 5.5 FIX debian debian 1mo ago uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries
CVE-2026-35350 medium 5.5 FIX debian debian 1mo ago uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails
CVE-2026-35349 medium 5.5 FIX debian debian 1mo ago A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to …
CVE-2026-35348 medium 5.5 debian debian 1mo ago uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths
CVE-2026-35347 medium 5.5 FIX debian debian 1mo ago The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p…
CVE-2026-41239 unknown FIX debian debian 1mo ago DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrust…
CVE-2026-41238 unknown FIX debian debian 1mo ago DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP…
CVE-2026-35380 medium 5.5 5.5 FIX debian debian uutils 1mo ago A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenl…
CVE-2026-35376 medium 5.8 5.8 debian debian uutils 1mo ago uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-35374 medium 6.3 6.3 debian debian uutils 1mo ago uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-35373 medium 5.5 5.5 debian debian uutils 1mo ago uutils coreutils has an Improper Handling of Unicode Encoding Issue
CVE-2026-35372 medium 5.0 5.0 FIX debian debian uutils 1mo ago A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation pre…