VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1789 advisories across 32 monitored vendors.
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt() In __ceph_x_decrypt(), a part of the buffer p is interpreted as a ceph_x_encrypt_header, and the magic field of this struct is accessed. This happens without any guarantee that the buffer is large enough to hold this struct. The function parameter ciphertext_len represents the length of the ciphertext to decrypt and is guaranteed to be at most the remaining size of the allocated buffer p. However, this value is not necessarily greater than sizeof(ceph_x_encrypt_header). E.g., a message frame of type FRAME_TAG_AUTH_REPLY_MORE, that is just as long to hold the ciphertext at its end with a ciphertext_len of 8 or less, can trigger an out-of-bounds memory access when accessing hdr->magic. This patch fixes the issue by adding a check to ensure that the decrypted plaintext in the buffer is large enough to represent at least the ceph_x_encrypt_header. A remote attacker could trigger an out-of-bounds memory access in the `__ceph_x_decrypt()` function by sending a specially crafted message frame of type `FRAME_TAG_AUTH_REPLY_MORE` with a small ciphertext length. This vulnerability arises because the function interprets a buffer as a `ceph_x_encrypt_header` without ensuring the buffer is large enough.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AF_UNIX GC. When a socket in SOCKMAP receives skb with inflight fd, sk_psock_verdict_data_ready() looks up the mapped socket and enqueue skb to its psock->ingress_skb. Since neither the old nor the new GC can inspect the psock queue, the hidden skb leaks the inflight sockets. Note that this cannot be detected via kmemleak because inflight sockets are linked to a global list. In addition, SOCKMAP redirect breaks the Tarjan-based GC's assumption that unix_edge.successor is always alive, which is no longer true once skb is redirected, resulting in use-after-free below. [0] Moreover, SOCKMAP does not call scm_stat_del() properly, so unix_show_fdinfo() could report an incorrect fd count. sk_msg_recvmsg() does not support any SCM attributes in the first place. A flaw was found in the Linux kernel's af_unix component, specifically within its SOCKMAP feature. This vulnerability stems from the kernel's improper handling of Socket Control Message (SCM) attributes when data is passed to the SOCKMAP layer. This can lead to a use-after-free condition, which may allow an attacker to cause system instability or a denial of service. The issue also contributes to resource leaks of file descriptors and inaccurate reporting of file descriptor counts.
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: don't use simple_strtoul Replace unsafe port parsing in epaddr_len(), ct_sip_parse_header_uri(), and ct_sip_parse_request() with a new sip_parse_port() helper that validates each digit against the buffer limit, eliminating the use of simple_strtoul() which assumes NUL-terminated strings. The previous code dereferenced pointers without bounds checks after sip_parse_addr() and relied on simple_strtoul() on non-NUL-terminated skb data. A port that reaches the buffer limit without a trailing character is also rejected as malformed. Also get rid of all simple_strtoul() usage in conntrack, prefer a stricter version instead. There are intentional changes: - Bail out if number is > UINT_MAX and indicate a failure, same for too long sequences. While we do accept 05535 as port 5535, we will not accept e.g. 'sip:10.0.0.1:005060'. While its syntactically valid under RFC 3261, we should restrict this to not waste cycles when presented with malformed packets with 64k '0' characters. - Force base 10 in ct_sip_parse_numerical_param(). This is used to fetch 'expire=' and 'rports='; both are expected to use base-10. - In nf_nat_sip.c, only accept the parsed value if its within the 1k-64k range. - epaddr_len now returns 0 if the port is invalid, as it already does for invalid ip addresses.
fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER. Red Hat rates this moderate (CVSS 7). Weakness: CWE-364.
fix missing expect put in obj eval. Red Hat rates this moderate (CVSS 7). Weakness: CWE-772.
fix refcount saturation and potential UAF in qrtr_port_remove. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
Fix potential use-after-free in get_timestamp. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
Clear HCI_UART_PROTO_INIT on error. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
Denial of Service via deeply nested JSON processing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050.
Arbitrary code execution via PolymorphicTypeValidator bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. Red Hat lists fixing advisory RHSA-2026:36839 with package jackson-databind.
Security bypass allows arbitrary code execution. Red Hat rates this important (CVSS 8.1). Weakness: CWE-184. Red Hat lists fixing advisory RHSA-2026:36839 with package jackson-databind.
Remote client can inject or override identity headers via header normalization. Red Hat rates this important (CVSS 8.1). Weakness: CWE-444.
Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Red Hat rates this important (CVSS 7.1). Weakness: CWE-131.
Active Session Hijacking via Insecure Session State Reuse. Red Hat rates this important (CVSS 7.8). Weakness: CWE-287. Red Hat lists fixing advisory RHSA-2026:28438 with package satellite/foreman-mcp-server-rhel9:1782228692.
Arbitrary code execution via SVG decoder command injection. Red Hat rates this important (CVSS 8.1). Weakness: CWE-78. Red Hat lists fixing advisory RHSA-2026:32961 with package ImageMagick-0:6.9.10.68-17.el7_9. Affected product named by the advisory: Red Hat Enterprise Linux 7.
Denial of Service via HTTP/2 Rapid Reset technique. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via crafted SQL statements in sqlo_place_dt_set. Red Hat rates this important (CVSS 7.5). Weakness: CWE-89.
openlink virtuoso-opensource: Denial of Service via crafted SQL statements. Red Hat rates this important (CVSS 7.5). Weakness: CWE-89.
Denial of Service in st_compare component via crafted SQL statements. Red Hat rates this important (CVSS 7.5). Weakness: CWE-89.