VIR Vulnerability Intelligence Relay

Search

Found 13,471 results in 1046ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46029 high 7.0 7.0 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that uncondi…
CVE-2026-46027 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage,…
CVE-2026-46024 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() If a message of type CEPH_MSG_AUTH_REPLY contains a zero va…
CVE-2026-46015 high 7.8 7.8 FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: tcp: call sk_data_ready() after listener migration When inet_csk_listen_stop() migrates an established child socket from a closin…
CVE-2026-46011 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release() function frees the context str…
CVE-2026-46010 high 8.1 8.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that …
CVE-2026-46006 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau_gem_pushbuf_reloc_apply() validates each relocation with …
CVE-2026-45999 high 7.1 7.1 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() Some crafted images can have illegal (!partial_decoding && m_llen <…
CVE-2026-45991 high 7.8 7.8 FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a h…
CVE-2026-45988 critical 9.8 9.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a …
CVE-2026-42791 low 3.7 3.7 FIX slesdebian debian erlang 9d ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP re…
CVE-2026-45984 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2…
CVE-2026-45980 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2_release_resource() Running jobs on a hardware context while it is in the process o…
CVE-2026-45972 critical 9.8 9.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open()…
CVE-2026-45970 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down The ALB RX path may access rx_hashtbl concurrently with bond teardown. …
CVE-2026-45959 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned wit…
CVE-2026-45958 high 7.1 7.1 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidi_connection_ioctl(), vidi->edid(user pointer) is direct…
CVE-2026-45956 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() vidi_connection_ioctl() retrieves the driver_data …
CVE-2026-45955 high 7.1 7.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout When llbitmap_suspend_timeout() times out waiting for percpu_re…
CVE-2026-45951 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pse…
CVE-2026-45945 high 8.8 8.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits (64 bytes). When repla…
CVE-2026-45944 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zer…
CVE-2026-45942 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page wo…
CVE-2026-45935 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'do_action' function, the…
CVE-2026-45933 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in sync_linked_regs() sync_linked_regs() copies the id of known_reg to reg when propagating bounds o…
CVE-2026-45932 high 7.3 7.3 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPF_PROG_DETACH on tcx o…
CVE-2026-45931 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu_sva_unbind_device() Some tests trigger a crash in iommu_sva_unbind_device() due to …
CVE-2026-45929 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpn_net_xmit When building the skb_list in ovpn_net_xmit, skb_share_check will free the ori…
CVE-2026-45910 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxe_tas…
CVE-2026-45909 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop __initconst from gates Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to…
CVE-2026-45898 critical 9.8 9.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") chan…
CVE-2026-45894 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits…
CVE-2026-45878 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 The address watch clear code receives watch_id as an unsigned …
CVE-2026-45862 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID ta…
CVE-2026-45861 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qd_put Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously") started freeing quota…
CVE-2026-45860 high 7.5 7.5 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: increase the connection clean up limit to 64 After the optimization to only perform one GC per jiffy, a …
CVE-2026-45859 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an appl…
CVE-2026-45856 high 7.1 7.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send ib_uverbs_post_send() uses cmd.wqe_size from userspace with…
CVE-2026-45852 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' befor…
CVE-2026-3012 high 8.0 8.0 FIX slesdebian debian rhel 9d ago Important: samba security update
CVE-2026-45843 high 8.2 8.2 FIX slesdebian debianwindows windows google 9d ago In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing …
CVE-2026-8450 critical 9.1 9.1 FIX debian debian sles 9d ago HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cm…
CVE-2026-48962 high 7.3 7.3 FIX debian debianwindows windows 9d ago IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in …
CVE-2026-48961 high 7.3 7.3 FIX debian debian 9d ago IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decode_ux() in bin/…
CVE-2026-48959 high 7.5 7.5 FIX debian debian 9d ago IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, 1 to 19) agains…
CVE-2026-49014 high 7.8 7.8 slesdebian debian osgeo 9d ago In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer with…
CVE-2026-8975 high 8.8 8.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8974 high 8.8 8.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8970 high 8.8 8.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8968 high 7.5 7.5 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8962 high 8.1 8.1 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8959 critical 9.6 9.6 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8958 high 8.6 8.6 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8957 high 8.8 8.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8956 critical 9.8 9.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8955 high 8.8 8.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8954 high 7.5 7.5 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8953 critical 9.6 9.6 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8950 critical 9.3 9.3 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8947 high 7.3 7.3 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8946 high 7.5 7.5 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-8401 critical 9.8 9.8 FIX rheldebian debian sles mozilla 9d ago Important: thunderbird security update
CVE-2026-34043 high 8.0 FIX rheldebian debianalmalinux almalinux 9d ago RHSA-2026:21291: .NET 8.0 security update (Important)
CVE-2025-70103 high 7.3 7.3 slesdebian debian 9d ago Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.
CVE-2026-44983 high 7.3 7.3 FIX debian debian 10d ago smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocati…
CVE-2026-42013 high 8.2 8.2 FIX debian debian sles rhel 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-42012 high 7.1 7.1 FIX debian debian rhelwindows windows 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-5260 high 8.2 8.2 FIX debian debian sles rhel 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-9572 low 3.3 3.3 debian debian gpac 10d ago A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t…
CVE-2026-9567 low 3.3 3.3 debian debian 10d ago A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointe…
CVE-2026-48695 high 8.1 8.1 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php…
CVE-2026-48694 high 8.1 8.1 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari…
CVE-2026-44728 high 8.2 8.2 slesdebian debian babel 10d ago Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel t…
CVE-2026-48864 high 7.8 7.8 debian debian sles rhel opensuseredhat 10d ago A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…
CVE-2026-48697 high 7.4 7.4 debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl…
CVE-2026-48691 critical 9.8 9.8 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr…
CVE-2026-48690 high 7.1 7.1 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memor…
CVE-2026-48692 high 8.1 8.1 debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.c…
CVE-2026-48688 high 7.5 7.5 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains …
CVE-2026-48686 critical 9.8 9.8 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() …
CVE-2026-40033 high 8.8 8.8 FIX slesdebian debian freerdp 10d ago FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle v…
CVE-2026-4480 critical 9.0 9.0 FIX slesdebian debian rhel redhatsamba 10d ago Important: samba security update
CVE-2026-9496 high 7.5 7.5 slesdebian debian 10d ago Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSp…
CVE-2026-9538 high 7.5 7.5 debian debianwindows windows archive\ 10d ago Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), …
CVE-2026-42497 high 7.5 7.5 debian debianwindows windows archive\ 10d ago Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without va…
CVE-2026-42496 critical 9.1 9.1 debian debianwindows windows archive\ 10d ago Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with…
CVE-2026-8094 critical 9.8 9.8 FIX rheldebian debian sles mozilla 10d ago RHSA-2026:20566: firefox security update (Important)
CVE-2026-8092 high 8.1 8.1 FIX rheldebian debian sles mozilla 10d ago Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of th…
CVE-2026-8090 high 7.3 7.3 FIX rheldebian debian sles mozilla 10d ago Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
CVE-2026-48689 critical 9.8 9.8 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer,…
CVE-2026-48687 critical 9.8 9.8 FIX debian debian pavel-odintsov 10d ago FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (l…
CVE-2026-42014 high 8.0 FIX debian debian sles rhel 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-2332 critical 9.1 9.1 FIX rheldebian debian sles eclipse 10d ago Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
CVE-2026-8376 critical 9.8 9.8 slesdebian debianwindows windows perl 10d ago Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of th…
CVE-2026-48852 low 3.7 3.7 FIX debian debian putty 11d ago PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
CVE-2026-48851 low 3.1 3.1 FIX debian debian putty 11d ago PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
CVE-2026-48848 high 7.2 7.2 FIX debian debian 11d ago Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element…
CVE-2026-48847 low 3.7 3.7 FIX debian debian 11d ago Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.
CVE-2026-48844 high 7.5 7.5 FIX debian debian 11d ago Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been …
CVE-2026-48843 high 7.2 7.2 FIX debian debian 11d ago Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure,…