Search

Find a vulnerability

Search criteria

    21533 vulnerabilities by debian

    CERTFR-2026-AVI-0862

    Vulnerability from certfr_avis - Published: 2026-07-10 - Updated: 2026-07-10

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian bookworm versions antérieures à 6.1.176
    Debian Debian Debian bullseye versions antérieures à 5.10.259
    Debian Debian Debian bullseye versions antérieures à 6.6.1.176.95-1
    Debian Debian Debian trixie versions antérieures à 6.12.95-1
    References
    Bulletin de sécurité Debian LTS msg00006 2026-07-03 vendor-advisory
    Bulletin de sécurité Debian msg00292 2026-07-05 vendor-advisory
    Bulletin de sécurité Debian LTS msg00012 2026-07-05 vendor-advisory
    Bulletin de sécurité Debian LTS msg00005 2026-07-03 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.176",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bullseye versions ant\u00e9rieures \u00e0 5.10.259",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bullseye versions ant\u00e9rieures \u00e0 6.6.1.176.95-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.95-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-31623",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31623"
        },
        {
          "name": "CVE-2026-45842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45842"
        },
        {
          "name": "CVE-2023-54129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-54129"
        },
        {
          "name": "CVE-2025-22026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
        },
        {
          "name": "CVE-2026-53349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53349"
        },
        {
          "name": "CVE-2026-43113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43113"
        },
        {
          "name": "CVE-2025-39997",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39997"
        },
        {
          "name": "CVE-2026-46119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46119"
        },
        {
          "name": "CVE-2026-52934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52934"
        },
        {
          "name": "CVE-2026-53179",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53179"
        },
        {
          "name": "CVE-2026-46184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46184"
        },
        {
          "name": "CVE-2026-53049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53049"
        },
        {
          "name": "CVE-2025-22107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22107"
        },
        {
          "name": "CVE-2026-31619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31619"
        },
        {
          "name": "CVE-2026-31618",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31618"
        },
        {
          "name": "CVE-2026-52955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52955"
        },
        {
          "name": "CVE-2026-53350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53350"
        },
        {
          "name": "CVE-2022-50493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50493"
        },
        {
          "name": "CVE-2026-52957",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52957"
        },
        {
          "name": "CVE-2026-52925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52925"
        },
        {
          "name": "CVE-2026-46307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46307"
        },
        {
          "name": "CVE-2026-52929",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52929"
        },
        {
          "name": "CVE-2026-52968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52968"
        },
        {
          "name": "CVE-2026-53061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53061"
        },
        {
          "name": "CVE-2026-53002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53002"
        },
        {
          "name": "CVE-2026-53287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53287"
        },
        {
          "name": "CVE-2026-46124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46124"
        },
        {
          "name": "CVE-2026-31578",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31578"
        },
        {
          "name": "CVE-2026-53274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53274"
        },
        {
          "name": "CVE-2026-46082",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46082"
        },
        {
          "name": "CVE-2026-43421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43421"
        },
        {
          "name": "CVE-2026-53128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53128"
        },
        {
          "name": "CVE-2026-53320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53320"
        },
        {
          "name": "CVE-2026-52947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52947"
        },
        {
          "name": "CVE-2026-53218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53218"
        },
        {
          "name": "CVE-2024-53221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
        },
        {
          "name": "CVE-2026-53041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53041"
        },
        {
          "name": "CVE-2026-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53066"
        },
        {
          "name": "CVE-2026-31696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31696"
        },
        {
          "name": "CVE-2026-31704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31704"
        },
        {
          "name": "CVE-2026-31685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31685"
        },
        {
          "name": "CVE-2026-53161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53161"
        },
        {
          "name": "CVE-2026-52970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52970"
        },
        {
          "name": "CVE-2026-52958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52958"
        },
        {
          "name": "CVE-2026-46319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46319"
        },
        {
          "name": "CVE-2026-43492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43492"
        },
        {
          "name": "CVE-2026-31656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31656"
        },
        {
          "name": "CVE-2023-53421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53421"
        },
        {
          "name": "CVE-2026-52999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52999"
        },
        {
          "name": "CVE-2026-46065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46065"
        },
        {
          "name": "CVE-2026-46227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46227"
        },
        {
          "name": "CVE-2023-54271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-54271"
        },
        {
          "name": "CVE-2026-53040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53040"
        },
        {
          "name": "CVE-2026-46185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46185"
        },
        {
          "name": "CVE-2026-46064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46064"
        },
        {
          "name": "CVE-2026-31698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31698"
        },
        {
          "name": "CVE-2026-31664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31664"
        },
        {
          "name": "CVE-2026-46112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46112"
        },
        {
          "name": "CVE-2026-46196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46196"
        },
        {
          "name": "CVE-2026-31597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31597"
        },
        {
          "name": "CVE-2026-52989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52989"
        },
        {
          "name": "CVE-2026-53291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53291"
        },
        {
          "name": "CVE-2026-43064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43064"
        },
        {
          "name": "CVE-2026-52924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52924"
        },
        {
          "name": "CVE-2026-53227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53227"
        },
        {
          "name": "CVE-2026-23468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23468"
        },
        {
          "name": "CVE-2026-46280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46280"
        },
        {
          "name": "CVE-2026-53239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53239"
        },
        {
          "name": "CVE-2026-31586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31586"
        },
        {
          "name": "CVE-2026-53181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53181"
        },
        {
          "name": "CVE-2026-46233",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46233"
        },
        {
          "name": "CVE-2026-52918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52918"
        },
        {
          "name": "CVE-2025-23131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23131"
        },
        {
          "name": "CVE-2026-52963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52963"
        },
        {
          "name": "CVE-2026-46303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46303"
        },
        {
          "name": "CVE-2026-31613",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31613"
        },
        {
          "name": "CVE-2026-53331",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53331"
        },
        {
          "name": "CVE-2024-27012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27012"
        },
        {
          "name": "CVE-2026-52993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52993"
        },
        {
          "name": "CVE-2026-46080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46080"
        },
        {
          "name": "CVE-2026-46231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46231"
        },
        {
          "name": "CVE-2026-43010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43010"
        },
        {
          "name": "CVE-2026-45835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45835"
        },
        {
          "name": "CVE-2026-52943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52943"
        },
        {
          "name": "CVE-2026-31581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31581"
        },
        {
          "name": "CVE-2026-31617",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31617"
        },
        {
          "name": "CVE-2026-45996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45996"
        },
        {
          "name": "CVE-2026-46019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46019"
        },
        {
          "name": "CVE-2026-43052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43052"
        },
        {
          "name": "CVE-2026-43496",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43496"
        },
        {
          "name": "CVE-2026-52915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52915"
        },
        {
          "name": "CVE-2026-53163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53163"
        },
        {
          "name": "CVE-2026-46173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46173"
        },
        {
          "name": "CVE-2026-46195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46195"
        },
        {
          "name": "CVE-2026-46214",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46214"
        },
        {
          "name": "CVE-2026-53146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53146"
        },
        {
          "name": "CVE-2026-53354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53354"
        },
        {
          "name": "CVE-2026-31711",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31711"
        },
        {
          "name": "CVE-2026-31611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31611"
        },
        {
          "name": "CVE-2025-40347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40347"
        },
        {
          "name": "CVE-2025-39929",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
        },
        {
          "name": "CVE-2026-46027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46027"
        },
        {
          "name": "CVE-2026-53309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53309"
        },
        {
          "name": "CVE-2026-46320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46320"
        },
        {
          "name": "CVE-2023-53989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53989"
        },
        {
          "name": "CVE-2026-31599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31599"
        },
        {
          "name": "CVE-2026-46040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46040"
        },
        {
          "name": "CVE-2026-46236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46236"
        },
        {
          "name": "CVE-2026-52913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52913"
        },
        {
          "name": "CVE-2026-46113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46113"
        },
        {
          "name": "CVE-2025-38710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38710"
        },
        {
          "name": "CVE-2026-23099",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23099"
        },
        {
          "name": "CVE-2026-43058",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43058"
        },
        {
          "name": "CVE-2026-46137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46137"
        },
        {
          "name": "CVE-2026-53071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53071"
        },
        {
          "name": "CVE-2026-52941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52941"
        },
        {
          "name": "CVE-2026-45841",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45841"
        },
        {
          "name": "CVE-2026-46072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46072"
        },
        {
          "name": "CVE-2026-53150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53150"
        },
        {
          "name": "CVE-2026-53327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53327"
        },
        {
          "name": "CVE-2026-52939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52939"
        },
        {
          "name": "CVE-2026-23066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23066"
        },
        {
          "name": "CVE-2026-53147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53147"
        },
        {
          "name": "CVE-2026-46159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46159"
        },
        {
          "name": "CVE-2026-52942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52942"
        },
        {
          "name": "CVE-2026-46190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46190"
        },
        {
          "name": "CVE-2026-46331",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46331"
        },
        {
          "name": "CVE-2026-46252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46252"
        },
        {
          "name": "CVE-2025-22105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22105"
        },
        {
          "name": "CVE-2026-52935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52935"
        },
        {
          "name": "CVE-2026-53183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53183"
        },
        {
          "name": "CVE-2026-31583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31583"
        },
        {
          "name": "CVE-2026-53064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53064"
        },
        {
          "name": "CVE-2026-31605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31605"
        },
        {
          "name": "CVE-2026-52995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52995"
        },
        {
          "name": "CVE-2026-46209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46209"
        },
        {
          "name": "CVE-2026-52931",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52931"
        },
        {
          "name": "CVE-2026-46031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46031"
        },
        {
          "name": "CVE-2026-53047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53047"
        },
        {
          "name": "CVE-2026-53296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53296"
        },
        {
          "name": "CVE-2026-31732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31732"
        },
        {
          "name": "CVE-2025-38584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
        },
        {
          "name": "CVE-2023-54322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-54322"
        },
        {
          "name": "CVE-2026-31681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31681"
        },
        {
          "name": "CVE-2026-31598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31598"
        },
        {
          "name": "CVE-2026-46186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46186"
        },
        {
          "name": "CVE-2026-53101",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53101"
        },
        {
          "name": "CVE-2026-52919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52919"
        },
        {
          "name": "CVE-2026-46169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46169"
        },
        {
          "name": "CVE-2026-53006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53006"
        },
        {
          "name": "CVE-2026-31622",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31622"
        },
        {
          "name": "CVE-2026-43079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43079"
        },
        {
          "name": "CVE-2026-46002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46002"
        },
        {
          "name": "CVE-2026-31595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31595"
        },
        {
          "name": "CVE-2026-46101",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46101"
        },
        {
          "name": "CVE-2026-46099",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46099"
        },
        {
          "name": "CVE-2026-46091",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46091"
        },
        {
          "name": "CVE-2026-43103",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43103"
        },
        {
          "name": "CVE-2026-31642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31642"
        },
        {
          "name": "CVE-2026-46024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46024"
        },
        {
          "name": "CVE-2026-23399",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23399"
        },
        {
          "name": "CVE-2026-43350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43350"
        },
        {
          "name": "CVE-2026-31701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31701"
        },
        {
          "name": "CVE-2026-53339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53339"
        },
        {
          "name": "CVE-2026-53266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
        },
        {
          "name": "CVE-2026-53149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53149"
        },
        {
          "name": "CVE-2026-46037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46037"
        },
        {
          "name": "CVE-2026-46116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46116"
        },
        {
          "name": "CVE-2026-53048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53048"
        },
        {
          "name": "CVE-2026-43117",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43117"
        },
        {
          "name": "CVE-2026-53176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53176"
        },
        {
          "name": "CVE-2026-46083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46083"
        },
        {
          "name": "CVE-2026-46151",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46151"
        },
        {
          "name": "CVE-2026-43493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43493"
        },
        {
          "name": "CVE-2021-47211",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-47211"
        },
        {
          "name": "CVE-2025-38250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38250"
        },
        {
          "name": "CVE-2026-46220",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46220"
        },
        {
          "name": "CVE-2026-52975",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52975"
        },
        {
          "name": "CVE-2026-31588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31588"
        },
        {
          "name": "CVE-2026-46127",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46127"
        },
        {
          "name": "CVE-2026-53046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53046"
        },
        {
          "name": "CVE-2026-53050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53050"
        },
        {
          "name": "CVE-2026-43080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43080"
        },
        {
          "name": "CVE-2026-46146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46146"
        },
        {
          "name": "CVE-2026-45836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45836"
        },
        {
          "name": "CVE-2026-46178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46178"
        },
        {
          "name": "CVE-2026-45846",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45846"
        },
        {
          "name": "CVE-2026-43499",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43499"
        },
        {
          "name": "CVE-2026-43495",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43495"
        },
        {
          "name": "CVE-2026-53021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53021"
        },
        {
          "name": "CVE-2022-49135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49135"
        },
        {
          "name": "CVE-2026-46133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46133"
        },
        {
          "name": "CVE-2026-46005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46005"
        },
        {
          "name": "CVE-2026-31697",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31697"
        },
        {
          "name": "CVE-2026-46069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46069"
        },
        {
          "name": "CVE-2026-43216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43216"
        },
        {
          "name": "CVE-2026-31616",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31616"
        },
        {
          "name": "CVE-2026-46122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46122"
        },
        {
          "name": "CVE-2026-53131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53131"
        },
        {
          "name": "CVE-2026-46022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46022"
        },
        {
          "name": "CVE-2026-46323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46323"
        },
        {
          "name": "CVE-2026-31615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31615"
        },
        {
          "name": "CVE-2026-46103",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46103"
        },
        {
          "name": "CVE-2026-53219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53219"
        },
        {
          "name": "CVE-2026-31449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31449"
        },
        {
          "name": "CVE-2026-46043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46043"
        },
        {
          "name": "CVE-2026-46120",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46120"
        },
        {
          "name": "CVE-2026-46198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46198"
        },
        {
          "name": "CVE-2026-43104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43104"
        },
        {
          "name": "CVE-2026-52954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52954"
        },
        {
          "name": "CVE-2026-53249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53249"
        },
        {
          "name": "CVE-2026-53329",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53329"
        },
        {
          "name": "CVE-2025-68201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68201"
        },
        {
          "name": "CVE-2026-46189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46189"
        },
        {
          "name": "CVE-2026-53139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53139"
        },
        {
          "name": "CVE-2026-53217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53217"
        },
        {
          "name": "CVE-2026-46296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46296"
        },
        {
          "name": "CVE-2026-53130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53130"
        },
        {
          "name": "CVE-2026-46128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46128"
        },
        {
          "name": "CVE-2026-53070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53070"
        },
        {
          "name": "CVE-2026-52984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52984"
        },
        {
          "name": "CVE-2026-53088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53088"
        },
        {
          "name": "CVE-2026-31594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31594"
        },
        {
          "name": "CVE-2022-50073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50073"
        },
        {
          "name": "CVE-2026-31580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31580"
        },
        {
          "name": "CVE-2026-43099",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43099"
        },
        {
          "name": "CVE-2026-46242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46242"
        },
        {
          "name": "CVE-2026-53065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53065"
        },
        {
          "name": "CVE-2025-38627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38627"
        },
        {
          "name": "CVE-2026-46197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46197"
        },
        {
          "name": "CVE-2026-53361",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53361"
        },
        {
          "name": "CVE-2026-46301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46301"
        },
        {
          "name": "CVE-2026-52914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52914"
        },
        {
          "name": "CVE-2026-52916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52916"
        },
        {
          "name": "CVE-2026-45999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45999"
        },
        {
          "name": "CVE-2026-53236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53236"
        },
        {
          "name": "CVE-2026-53225",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53225"
        },
        {
          "name": "CVE-2026-53034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53034"
        },
        {
          "name": "CVE-2026-53294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53294"
        },
        {
          "name": "CVE-2026-31705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31705"
        },
        {
          "name": "CVE-2026-53111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53111"
        },
        {
          "name": "CVE-2026-53362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53362"
        },
        {
          "name": "CVE-2026-31684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31684"
        },
        {
          "name": "CVE-2026-53168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53168"
        },
        {
          "name": "CVE-2026-52922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52922"
        },
        {
          "name": "CVE-2026-46180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46180"
        },
        {
          "name": "CVE-2026-46038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46038"
        },
        {
          "name": "CVE-2026-31625",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31625"
        },
        {
          "name": "CVE-2026-53209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53209"
        },
        {
          "name": "CVE-2026-52992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52992"
        },
        {
          "name": "CVE-2026-53112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53112"
        },
        {
          "name": "CVE-2026-46206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46206"
        },
        {
          "name": "CVE-2026-53086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53086"
        },
        {
          "name": "CVE-2026-53157",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53157"
        },
        {
          "name": "CVE-2025-10263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-10263"
        },
        {
          "name": "CVE-2026-53135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53135"
        },
        {
          "name": "CVE-2026-46234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46234"
        },
        {
          "name": "CVE-2026-46109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46109"
        },
        {
          "name": "CVE-2026-46062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46062"
        },
        {
          "name": "CVE-2026-53279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53279"
        },
        {
          "name": "CVE-2026-46276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46276"
        },
        {
          "name": "CVE-2026-52981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52981"
        },
        {
          "name": "CVE-2026-46108",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46108"
        },
        {
          "name": "CVE-2026-53167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53167"
        },
        {
          "name": "CVE-2026-52927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52927"
        },
        {
          "name": "CVE-2026-53060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53060"
        },
        {
          "name": "CVE-2026-53096",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53096"
        },
        {
          "name": "CVE-2026-46321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46321"
        },
        {
          "name": "CVE-2026-31699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31699"
        },
        {
          "name": "CVE-2026-46049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46049"
        },
        {
          "name": "CVE-2026-46285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46285"
        },
        {
          "name": "CVE-2026-53035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53035"
        },
        {
          "name": "CVE-2026-53186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53186"
        },
        {
          "name": "CVE-2024-36922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
        },
        {
          "name": "CVE-2026-53182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53182"
        },
        {
          "name": "CVE-2026-45997",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45997"
        },
        {
          "name": "CVE-2026-53177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53177"
        },
        {
          "name": "CVE-2026-53208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53208"
        },
        {
          "name": "CVE-2026-53255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53255"
        },
        {
          "name": "CVE-2026-46070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46070"
        },
        {
          "name": "CVE-2026-53207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53207"
        },
        {
          "name": "CVE-2026-46150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46150"
        },
        {
          "name": "CVE-2026-53314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53314"
        },
        {
          "name": "CVE-2026-46090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46090"
        },
        {
          "name": "CVE-2026-45840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45840"
        },
        {
          "name": "CVE-2026-46044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46044"
        },
        {
          "name": "CVE-2026-53160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53160"
        },
        {
          "name": "CVE-2026-23255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23255"
        },
        {
          "name": "CVE-2026-53245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53245"
        },
        {
          "name": "CVE-2026-53195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53195"
        },
        {
          "name": "CVE-2026-53043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53043"
        },
        {
          "name": "CVE-2026-43075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43075"
        },
        {
          "name": "CVE-2026-46172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46172"
        },
        {
          "name": "CVE-2026-31627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31627"
        },
        {
          "name": "CVE-2024-56657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56657"
        },
        {
          "name": "CVE-2026-46161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46161"
        },
        {
          "name": "CVE-2026-46026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46026"
        },
        {
          "name": "CVE-2025-37864",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37864"
        },
        {
          "name": "CVE-2026-23444",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23444"
        },
        {
          "name": "CVE-2026-53148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53148"
        },
        {
          "name": "CVE-2022-49183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49183"
        },
        {
          "name": "CVE-2026-53189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53189"
        },
        {
          "name": "CVE-2026-45844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45844"
        },
        {
          "name": "CVE-2026-52985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52985"
        },
        {
          "name": "CVE-2026-46110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46110"
        },
        {
          "name": "CVE-2026-52946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52946"
        },
        {
          "name": "CVE-2026-43501",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43501"
        },
        {
          "name": "CVE-2026-53059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53059"
        },
        {
          "name": "CVE-2026-53133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53133"
        },
        {
          "name": "CVE-2026-43093",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43093"
        },
        {
          "name": "CVE-2025-38129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
        },
        {
          "name": "CVE-2026-31626",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31626"
        },
        {
          "name": "CVE-2026-53263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53263"
        },
        {
          "name": "CVE-2026-31634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31634"
        },
        {
          "name": "CVE-2026-46018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46018"
        },
        {
          "name": "CVE-2026-53012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53012"
        },
        {
          "name": "CVE-2026-46179",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46179"
        },
        {
          "name": "CVE-2026-45991",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45991"
        },
        {
          "name": "CVE-2026-53356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53356"
        },
        {
          "name": "CVE-2026-43076",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43076"
        },
        {
          "name": "CVE-2026-46291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46291"
        },
        {
          "name": "CVE-2026-53069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53069"
        },
        {
          "name": "CVE-2026-53228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53228"
        },
        {
          "name": "CVE-2026-53073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53073"
        },
        {
          "name": "CVE-2022-50552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50552"
        },
        {
          "name": "CVE-2026-31712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31712"
        },
        {
          "name": "CVE-2026-46046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46046"
        },
        {
          "name": "CVE-2026-31686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31686"
        },
        {
          "name": "CVE-2026-46294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46294"
        },
        {
          "name": "CVE-2026-46125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46125"
        },
        {
          "name": "CVE-2026-53194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53194"
        },
        {
          "name": "CVE-2026-43094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43094"
        },
        {
          "name": "CVE-2026-53242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53242"
        },
        {
          "name": "CVE-2026-53341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53341"
        },
        {
          "name": "CVE-2026-52910",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52910"
        },
        {
          "name": "CVE-2026-46075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46075"
        },
        {
          "name": "CVE-2026-46167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46167"
        },
        {
          "name": "CVE-2026-31607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31607"
        },
        {
          "name": "CVE-2026-53212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53212"
        },
        {
          "name": "CVE-2026-53137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53137"
        },
        {
          "name": "CVE-2026-46054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46054"
        },
        {
          "name": "CVE-2026-45930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45930"
        },
        {
          "name": "CVE-2026-46191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46191"
        },
        {
          "name": "CVE-2023-53596",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53596"
        },
        {
          "name": "CVE-2026-53337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53337"
        },
        {
          "name": "CVE-2026-31716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31716"
        },
        {
          "name": "CVE-2026-53199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53199"
        },
        {
          "name": "CVE-2026-43085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43085"
        },
        {
          "name": "CVE-2026-31637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31637"
        },
        {
          "name": "CVE-2026-31612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31612"
        },
        {
          "name": "CVE-2026-31590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31590"
        },
        {
          "name": "CVE-2026-53289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53289"
        },
        {
          "name": "CVE-2026-53304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53304"
        },
        {
          "name": "CVE-2026-43111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43111"
        },
        {
          "name": "CVE-2026-53268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53268"
        },
        {
          "name": "CVE-2026-53223",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53223"
        },
        {
          "name": "CVE-2026-53159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53159"
        },
        {
          "name": "CVE-2026-31419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31419"
        },
        {
          "name": "CVE-2026-53039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53039"
        },
        {
          "name": "CVE-2026-53080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53080"
        },
        {
          "name": "CVE-2026-53004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53004"
        },
        {
          "name": "CVE-2026-52912",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52912"
        },
        {
          "name": "CVE-2026-46129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46129"
        },
        {
          "name": "CVE-2025-40164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40164"
        },
        {
          "name": "CVE-2023-54125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-54125"
        },
        {
          "name": "CVE-2026-46292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46292"
        },
        {
          "name": "CVE-2026-46006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46006"
        },
        {
          "name": "CVE-2026-53221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53221"
        },
        {
          "name": "CVE-2026-31715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31715"
        },
        {
          "name": "CVE-2026-52998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52998"
        },
        {
          "name": "CVE-2026-53011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53011"
        },
        {
          "name": "CVE-2026-31488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31488"
        },
        {
          "name": "CVE-2026-53275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53275"
        },
        {
          "name": "CVE-2022-49158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49158"
        },
        {
          "name": "CVE-2026-52920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52920"
        },
        {
          "name": "CVE-2026-31532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31532"
        },
        {
          "name": "CVE-2026-53001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53001"
        },
        {
          "name": "CVE-2026-52911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52911"
        },
        {
          "name": "CVE-2026-53295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53295"
        },
        {
          "name": "CVE-2026-53269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53269"
        },
        {
          "name": "CVE-2026-45843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45843"
        },
        {
          "name": "CVE-2026-43355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43355"
        },
        {
          "name": "CVE-2026-46015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46015"
        },
        {
          "name": "CVE-2026-46136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46136"
        },
        {
          "name": "CVE-2026-53357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53357"
        },
        {
          "name": "CVE-2026-53052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53052"
        },
        {
          "name": "CVE-2026-53136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53136"
        },
        {
          "name": "CVE-2026-53215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53215"
        },
        {
          "name": "CVE-2026-46056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46056"
        },
        {
          "name": "CVE-2026-46230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46230"
        },
        {
          "name": "CVE-2026-53216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53216"
        },
        {
          "name": "CVE-2025-21739",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
        },
        {
          "name": "CVE-2026-31709",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31709"
        },
        {
          "name": "CVE-2026-53253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53253"
        },
        {
          "name": "CVE-2026-31489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31489"
        },
        {
          "name": "CVE-2026-53003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53003"
        },
        {
          "name": "CVE-2026-52948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52948"
        },
        {
          "name": "CVE-2026-46004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46004"
        },
        {
          "name": "CVE-2026-46086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46086"
        },
        {
          "name": "CVE-2026-53252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53252"
        },
        {
          "name": "CVE-2026-53355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53355"
        },
        {
          "name": "CVE-2026-46314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46314"
        },
        {
          "name": "CVE-2026-46149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46149"
        },
        {
          "name": "CVE-2026-46208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46208"
        },
        {
          "name": "CVE-2026-53134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53134"
        },
        {
          "name": "CVE-2026-46205",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46205"
        },
        {
          "name": "CVE-2023-53133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53133"
        },
        {
          "name": "CVE-2026-53359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53359"
        },
        {
          "name": "CVE-2026-53016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53016"
        },
        {
          "name": "CVE-2026-46218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46218"
        },
        {
          "name": "CVE-2026-52986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52986"
        },
        {
          "name": "CVE-2026-53077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53077"
        },
        {
          "name": "CVE-2026-46132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46132"
        },
        {
          "name": "CVE-2026-46160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46160"
        },
        {
          "name": "CVE-2026-46177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46177"
        },
        {
          "name": "CVE-2026-43110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43110"
        },
        {
          "name": "CVE-2026-46079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46079"
        },
        {
          "name": "CVE-2026-53256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53256"
        },
        {
          "name": "CVE-2025-68315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68315"
        },
        {
          "name": "CVE-2026-53306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53306"
        },
        {
          "name": "CVE-2026-23389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23389"
        },
        {
          "name": "CVE-2022-50472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50472"
        },
        {
          "name": "CVE-2026-43071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43071"
        },
        {
          "name": "CVE-2026-43303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43303"
        },
        {
          "name": "CVE-2026-53045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53045"
        },
        {
          "name": "CVE-2026-43098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43098"
        },
        {
          "name": "CVE-2026-46306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46306"
        },
        {
          "name": "CVE-2026-43089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43089"
        },
        {
          "name": "CVE-2026-53033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53033"
        },
        {
          "name": "CVE-2026-46021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46021"
        },
        {
          "name": "CVE-2026-31596",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31596"
        },
        {
          "name": "CVE-2026-31676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31676"
        },
        {
          "name": "CVE-2026-43112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43112"
        },
        {
          "name": "CVE-2026-23442",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23442"
        },
        {
          "name": "CVE-2026-31603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31603"
        },
        {
          "name": "CVE-2026-46107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46107"
        },
        {
          "name": "CVE-2026-46047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46047"
        },
        {
          "name": "CVE-2026-46273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46273"
        },
        {
          "name": "CVE-2026-43502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43502"
        },
        {
          "name": "CVE-2026-53270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53270"
        },
        {
          "name": "CVE-2022-48703",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
        },
        {
          "name": "CVE-2026-23310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23310"
        },
        {
          "name": "CVE-2026-53198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53198"
        },
        {
          "name": "CVE-2026-53056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53056"
        },
        {
          "name": "CVE-2026-45994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45994"
        },
        {
          "name": "CVE-2025-68823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68823"
        },
        {
          "name": "CVE-2026-31577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31577"
        },
        {
          "name": "CVE-2026-52909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52909"
        },
        {
          "name": "CVE-2026-46163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46163"
        },
        {
          "name": "CVE-2026-31576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31576"
        },
        {
          "name": "CVE-2026-46164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46164"
        },
        {
          "name": "CVE-2026-46235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46235"
        },
        {
          "name": "CVE-2026-45838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45838"
        },
        {
          "name": "CVE-2026-53264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53264"
        },
        {
          "name": "CVE-2026-53023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53023"
        },
        {
          "name": "CVE-2026-53142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53142"
        },
        {
          "name": "CVE-2026-43497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43497"
        },
        {
          "name": "CVE-2026-53063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53063"
        },
        {
          "name": "CVE-2026-46077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46077"
        },
        {
          "name": "CVE-2026-53273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53273"
        },
        {
          "name": "CVE-2026-53184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53184"
        },
        {
          "name": "CVE-2026-52962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52962"
        },
        {
          "name": "CVE-2026-53093",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53093"
        },
        {
          "name": "CVE-2026-43114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43114"
        },
        {
          "name": "CVE-2026-31702",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31702"
        },
        {
          "name": "CVE-2026-46187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46187"
        },
        {
          "name": "CVE-2026-43281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43281"
        },
        {
          "name": "CVE-2026-31587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31587"
        },
        {
          "name": "CVE-2026-46168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46168"
        },
        {
          "name": "CVE-2026-53075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53075"
        },
        {
          "name": "CVE-2026-45986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45986"
        },
        {
          "name": "CVE-2026-53325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53325"
        },
        {
          "name": "CVE-2026-45987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45987"
        },
        {
          "name": "CVE-2026-31708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31708"
        },
        {
          "name": "CVE-2026-46299",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46299"
        },
        {
          "name": "CVE-2026-53303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53303"
        },
        {
          "name": "CVE-2025-21863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
        },
        {
          "name": "CVE-2021-47188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-47188"
        },
        {
          "name": "CVE-2026-31657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31657"
        },
        {
          "name": "CVE-2026-31624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31624"
        },
        {
          "name": "CVE-2026-46050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46050"
        },
        {
          "name": "CVE-2026-46003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46003"
        },
        {
          "name": "CVE-2026-46009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46009"
        },
        {
          "name": "CVE-2026-31585",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31585"
        },
        {
          "name": "CVE-2026-53352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53352"
        },
        {
          "name": "CVE-2026-53151",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53151"
        },
        {
          "name": "CVE-2026-53254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53254"
        },
        {
          "name": "CVE-2026-53037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53037"
        },
        {
          "name": "CVE-2026-53238",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53238"
        },
        {
          "name": "CVE-2026-53072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53072"
        },
        {
          "name": "CVE-2025-68340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68340"
        },
        {
          "name": "CVE-2026-52921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52921"
        },
        {
          "name": "CVE-2026-46023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46023"
        },
        {
          "name": "CVE-2026-53068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53068"
        },
        {
          "name": "CVE-2026-52967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52967"
        },
        {
          "name": "CVE-2026-46304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46304"
        },
        {
          "name": "CVE-2026-53213",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53213"
        },
        {
          "name": "CVE-2026-52930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52930"
        },
        {
          "name": "CVE-2026-46275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46275"
        },
        {
          "name": "CVE-2026-46193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46193"
        },
        {
          "name": "CVE-2026-52974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52974"
        },
        {
          "name": "CVE-2026-46033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46033"
        },
        {
          "name": "CVE-2026-46143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46143"
        },
        {
          "name": "CVE-2026-52923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52923"
        },
        {
          "name": "CVE-2026-31500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31500"
        },
        {
          "name": "CVE-2026-46212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46212"
        },
        {
          "name": "CVE-2026-45850",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45850"
        },
        {
          "name": "CVE-2026-45834",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45834"
        },
        {
          "name": "CVE-2026-31700",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31700"
        },
        {
          "name": "CVE-2026-31630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31630"
        },
        {
          "name": "CVE-2026-52933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52933"
        },
        {
          "name": "CVE-2026-46199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46199"
        },
        {
          "name": "CVE-2026-43105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43105"
        },
        {
          "name": "CVE-2026-43116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43116"
        },
        {
          "name": "CVE-2026-53196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53196"
        },
        {
          "name": "CVE-2026-46123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46123"
        },
        {
          "name": "CVE-2026-52969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52969"
        },
        {
          "name": "CVE-2026-46098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46098"
        },
        {
          "name": "CVE-2026-53062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53062"
        },
        {
          "name": "CVE-2024-43902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
        },
        {
          "name": "CVE-2026-43072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43072"
        },
        {
          "name": "CVE-2023-53292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53292"
        },
        {
          "name": "CVE-2026-46165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46165"
        },
        {
          "name": "CVE-2026-46052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46052"
        },
        {
          "name": "CVE-2026-46053",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46053"
        },
        {
          "name": "CVE-2026-31407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31407"
        },
        {
          "name": "CVE-2026-53343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53343"
        },
        {
          "name": "CVE-2026-53082",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53082"
        },
        {
          "name": "CVE-2026-52926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52926"
        },
        {
          "name": "CVE-2026-31602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31602"
        },
        {
          "name": "CVE-2022-49822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49822"
        },
        {
          "name": "CVE-2026-46238",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46238"
        },
        {
          "name": "CVE-2026-46051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46051"
        },
        {
          "name": "CVE-2026-52977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52977"
        },
        {
          "name": "CVE-2026-52917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52917"
        },
        {
          "name": "CVE-2026-52972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52972"
        },
        {
          "name": "CVE-2026-53074",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53074"
        },
        {
          "name": "CVE-2026-46322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46322"
        },
        {
          "name": "CVE-2026-53036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53036"
        },
        {
          "name": "CVE-2026-45839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45839"
        },
        {
          "name": "CVE-2026-46088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46088"
        },
        {
          "name": "CVE-2026-52982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52982"
        },
        {
          "name": "CVE-2026-31629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31629"
        },
        {
          "name": "CVE-2026-46102",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46102"
        },
        {
          "name": "CVE-2026-43219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43219"
        },
        {
          "name": "CVE-2026-53022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53022"
        },
        {
          "name": "CVE-2026-46078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46078"
        },
        {
          "name": "CVE-2026-46058",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46058"
        },
        {
          "name": "CVE-2026-43494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43494"
        },
        {
          "name": "CVE-2026-31673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31673"
        }
      ],
      "initial_release_date": "2026-07-10T00:00:00",
      "last_revision_date": "2026-07-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0862",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
      "vendor_advisories": [
        {
          "published_at": "2026-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00006",
          "url": "https://lists.debian.org/debian-lts-announce/2026/07/msg00006.html"
        },
        {
          "published_at": "2026-07-05",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00292",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00292.html"
        },
        {
          "published_at": "2026-07-05",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00012",
          "url": "https://lists.debian.org/debian-lts-announce/2026/07/msg00012.html"
        },
        {
          "published_at": "2026-07-03",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00005",
          "url": "https://lists.debian.org/debian-lts-announce/2026/07/msg00005.html"
        }
      ]
    }

    CERTFR-2026-AVI-0809

    Vulnerability from certfr_avis - Published: 2026-06-26 - Updated: 2026-06-26

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian
    References
    Bulletin de sécurité Debian msg00266 2026-06-21 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-45842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45842"
        },
        {
          "name": "CVE-2026-45845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45845"
        },
        {
          "name": "CVE-2025-22069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22069"
        },
        {
          "name": "CVE-2026-46319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46319"
        },
        {
          "name": "CVE-2026-31486",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31486"
        },
        {
          "name": "CVE-2026-23346",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23346"
        },
        {
          "name": "CVE-2026-23247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23247"
        },
        {
          "name": "CVE-2026-46170",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46170"
        },
        {
          "name": "CVE-2026-46117",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46117"
        },
        {
          "name": "CVE-2025-71289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71289"
        },
        {
          "name": "CVE-2026-31613",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31613"
        },
        {
          "name": "CVE-2026-43331",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43331"
        },
        {
          "name": "CVE-2026-46158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46158"
        },
        {
          "name": "CVE-2026-46320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46320"
        },
        {
          "name": "CVE-2026-46137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46137"
        },
        {
          "name": "CVE-2026-45841",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45841"
        },
        {
          "name": "CVE-2026-46331",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46331"
        },
        {
          "name": "CVE-2026-23469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23469"
        },
        {
          "name": "CVE-2026-31420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31420"
        },
        {
          "name": "CVE-2026-46203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46203"
        },
        {
          "name": "CVE-2026-31663",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31663"
        },
        {
          "name": "CVE-2026-45846",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45846"
        },
        {
          "name": "CVE-2026-46323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46323"
        },
        {
          "name": "CVE-2025-68768",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68768"
        },
        {
          "name": "CVE-2026-46315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46315"
        },
        {
          "name": "CVE-2025-68251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68251"
        },
        {
          "name": "CVE-2026-46321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46321"
        },
        {
          "name": "CVE-2026-52908",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52908"
        },
        {
          "name": "CVE-2026-45840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45840"
        },
        {
          "name": "CVE-2026-45844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45844"
        },
        {
          "name": "CVE-2026-52910",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52910"
        },
        {
          "name": "CVE-2026-45930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45930"
        },
        {
          "name": "CVE-2026-46274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46274"
        },
        {
          "name": "CVE-2026-46244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46244"
        },
        {
          "name": "CVE-2026-31717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31717"
        },
        {
          "name": "CVE-2026-52911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52911"
        },
        {
          "name": "CVE-2026-45843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45843"
        },
        {
          "name": "CVE-2026-46316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46316"
        },
        {
          "name": "CVE-2026-46160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46160"
        },
        {
          "name": "CVE-2026-43303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43303"
        },
        {
          "name": "CVE-2026-43245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43245"
        },
        {
          "name": "CVE-2026-52909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-52909"
        },
        {
          "name": "CVE-2026-23394",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23394"
        },
        {
          "name": "CVE-2026-45838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45838"
        },
        {
          "name": "CVE-2026-23272",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23272"
        },
        {
          "name": "CVE-2026-31560",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31560"
        },
        {
          "name": "CVE-2026-46216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46216"
        },
        {
          "name": "CVE-2026-46275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46275"
        },
        {
          "name": "CVE-2026-45850",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45850"
        },
        {
          "name": "CVE-2026-43116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43116"
        },
        {
          "name": "CVE-2026-46322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46322"
        },
        {
          "name": "CVE-2026-45839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45839"
        },
        {
          "name": "CVE-2026-43219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43219"
        }
      ],
      "initial_release_date": "2026-06-26T00:00:00",
      "last_revision_date": "2026-06-26T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0809",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-26T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
      "vendor_advisories": [
        {
          "published_at": "2026-06-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00266",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00266.html"
        }
      ]
    }

    CERTFR-2026-AVI-0784

    Vulnerability from certfr_avis - Published: 2026-06-19 - Updated: 2026-06-19

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian noyaux Debian 12 bookworm antérieures à 4.12.1~deb12u1
    References
    Bulletin de sécurité Debian LTS msg00017 2026-06-12 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "noyaux Debian 12 bookworm ant\u00e9rieures \u00e0 4.12.1~deb12u1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-06-19T00:00:00",
      "last_revision_date": "2026-06-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0784",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
      "vendor_advisories": [
        {
          "published_at": "2026-06-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00017",
          "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00017.html"
        }
      ]
    }

    CERTFR-2026-AVI-0696

    Vulnerability from certfr_avis - Published: 2026-06-05 - Updated: 2026-06-05

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian bullseye versions antérieures 6.1.174-1~deb11u1
    Debian Debian Debian bullseye versions antérieures 5.10.257-1
    References
    Bulletin de sécurité Debian LTS msg00051 2026-05-29 vendor-advisory
    Bulletin de sécurité Debian LTS msg00052 2026-05-29 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian bullseye versions ant\u00e9rieures 6.1.174-1~deb11u1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bullseye versions ant\u00e9rieures 5.10.257-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-43135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43135"
        },
        {
          "name": "CVE-2026-43078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43078"
        },
        {
          "name": "CVE-2026-43068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43068"
        },
        {
          "name": "CVE-2026-31770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31770"
        },
        {
          "name": "CVE-2026-31658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31658"
        },
        {
          "name": "CVE-2026-23318",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23318"
        },
        {
          "name": "CVE-2026-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23368"
        },
        {
          "name": "CVE-2026-43270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43270"
        },
        {
          "name": "CVE-2026-43227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43227"
        },
        {
          "name": "CVE-2026-31485",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31485"
        },
        {
          "name": "CVE-2026-43314",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43314"
        },
        {
          "name": "CVE-2026-43373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43373"
        },
        {
          "name": "CVE-2026-43251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43251"
        },
        {
          "name": "CVE-2026-43211",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43211"
        },
        {
          "name": "CVE-2026-31402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
        },
        {
          "name": "CVE-2025-40219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
        },
        {
          "name": "CVE-2026-45852",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45852"
        },
        {
          "name": "CVE-2026-31758",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31758"
        },
        {
          "name": "CVE-2026-45856",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45856"
        },
        {
          "name": "CVE-2026-23281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23281"
        },
        {
          "name": "CVE-2026-43168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43168"
        },
        {
          "name": "CVE-2026-43060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43060"
        },
        {
          "name": "CVE-2026-31416",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31416"
        },
        {
          "name": "CVE-2025-39764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39764"
        },
        {
          "name": "CVE-2026-43241",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43241"
        },
        {
          "name": "CVE-2026-43062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43062"
        },
        {
          "name": "CVE-2026-23293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23293"
        },
        {
          "name": "CVE-2026-23463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23463"
        },
        {
          "name": "CVE-2026-23227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23227"
        },
        {
          "name": "CVE-2026-45923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45923"
        },
        {
          "name": "CVE-2026-31405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31405"
        },
        {
          "name": "CVE-2026-43136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43136"
        },
        {
          "name": "CVE-2026-43339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43339"
        },
        {
          "name": "CVE-2026-45868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45868"
        },
        {
          "name": "CVE-2026-31473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31473"
        },
        {
          "name": "CVE-2026-31550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31550"
        },
        {
          "name": "CVE-2026-23290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23290"
        },
        {
          "name": "CVE-2026-31752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31752"
        },
        {
          "name": "CVE-2026-31787",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31787"
        },
        {
          "name": "CVE-2026-43202",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43202"
        },
        {
          "name": "CVE-2026-23303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23303"
        },
        {
          "name": "CVE-2026-43011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43011"
        },
        {
          "name": "CVE-2026-43132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43132"
        },
        {
          "name": "CVE-2026-31396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31396"
        },
        {
          "name": "CVE-2026-31680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31680"
        },
        {
          "name": "CVE-2026-43163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43163"
        },
        {
          "name": "CVE-2026-31738",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31738"
        },
        {
          "name": "CVE-2026-43411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43411"
        },
        {
          "name": "CVE-2026-31751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31751"
        },
        {
          "name": "CVE-2026-43429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43429"
        },
        {
          "name": "CVE-2026-43382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43382"
        },
        {
          "name": "CVE-2026-23439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23439"
        },
        {
          "name": "CVE-2026-23253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23253"
        },
        {
          "name": "CVE-2026-31721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31721"
        },
        {
          "name": "CVE-2026-23434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23434"
        },
        {
          "name": "CVE-2026-43014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43014"
        },
        {
          "name": "CVE-2026-43139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43139"
        },
        {
          "name": "CVE-2026-45873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45873"
        },
        {
          "name": "CVE-2026-31447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31447"
        },
        {
          "name": "CVE-2026-45870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45870"
        },
        {
          "name": "CVE-2026-43445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43445"
        },
        {
          "name": "CVE-2026-43387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43387"
        },
        {
          "name": "CVE-2026-43028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43028"
        },
        {
          "name": "CVE-2026-45871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45871"
        },
        {
          "name": "CVE-2026-43475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43475"
        },
        {
          "name": "CVE-2026-23304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23304"
        },
        {
          "name": "CVE-2026-31683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31683"
        },
        {
          "name": "CVE-2026-23357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23357"
        },
        {
          "name": "CVE-2026-45860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45860"
        },
        {
          "name": "CVE-2026-31524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31524"
        },
        {
          "name": "CVE-2026-43231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43231"
        },
        {
          "name": "CVE-2026-31668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31668"
        },
        {
          "name": "CVE-2026-31546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31546"
        },
        {
          "name": "CVE-2026-45956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45956"
        },
        {
          "name": "CVE-2026-43047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43047"
        },
        {
          "name": "CVE-2026-43432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43432"
        },
        {
          "name": "CVE-2026-45866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45866"
        },
        {
          "name": "CVE-2026-31786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31786"
        },
        {
          "name": "CVE-2026-31545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31545"
        },
        {
          "name": "CVE-2026-23456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23456"
        },
        {
          "name": "CVE-2026-43458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43458"
        },
        {
          "name": "CVE-2026-43450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43450"
        },
        {
          "name": "CVE-2026-31510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31510"
        },
        {
          "name": "CVE-2026-23457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23457"
        },
        {
          "name": "CVE-2026-43503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43503"
        },
        {
          "name": "CVE-2026-43069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43069"
        },
        {
          "name": "CVE-2026-43425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43425"
        },
        {
          "name": "CVE-2026-31659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31659"
        },
        {
          "name": "CVE-2026-43480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43480"
        },
        {
          "name": "CVE-2026-43268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43268"
        },
        {
          "name": "CVE-2026-43426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43426"
        },
        {
          "name": "CVE-2026-43030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43030"
        },
        {
          "name": "CVE-2026-45914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45914"
        },
        {
          "name": "CVE-2026-45912",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45912"
        },
        {
          "name": "CVE-2026-43383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43383"
        },
        {
          "name": "CVE-2026-43334",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43334"
        },
        {
          "name": "CVE-2026-23391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23391"
        },
        {
          "name": "CVE-2026-31415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31415"
        },
        {
          "name": "CVE-2026-45869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45869"
        },
        {
          "name": "CVE-2026-23462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23462"
        },
        {
          "name": "CVE-2026-23273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23273"
        },
        {
          "name": "CVE-2026-23372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23372"
        },
        {
          "name": "CVE-2026-45919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45919"
        },
        {
          "name": "CVE-2026-45862",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45862"
        },
        {
          "name": "CVE-2026-46174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46174"
        },
        {
          "name": "CVE-2026-45857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45857"
        },
        {
          "name": "CVE-2026-45848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45848"
        },
        {
          "name": "CVE-2026-43327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43327"
        },
        {
          "name": "CVE-2026-31494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31494"
        },
        {
          "name": "CVE-2026-43381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43381"
        },
        {
          "name": "CVE-2026-31763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31763"
        },
        {
          "name": "CVE-2026-23279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23279"
        },
        {
          "name": "CVE-2026-31670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31670"
        },
        {
          "name": "CVE-2026-31422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31422"
        },
        {
          "name": "CVE-2025-71304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71304"
        },
        {
          "name": "CVE-2026-23286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23286"
        },
        {
          "name": "CVE-2026-43232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43232"
        },
        {
          "name": "CVE-2026-23298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23298"
        },
        {
          "name": "CVE-2026-31469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31469"
        },
        {
          "name": "CVE-2026-45867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45867"
        },
        {
          "name": "CVE-2026-43264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43264"
        },
        {
          "name": "CVE-2026-31498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31498"
        },
        {
          "name": "CVE-2026-45879",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45879"
        },
        {
          "name": "CVE-2026-45883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45883"
        },
        {
          "name": "CVE-2026-43336",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43336"
        },
        {
          "name": "CVE-2026-43269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43269"
        },
        {
          "name": "CVE-2026-31418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31418"
        },
        {
          "name": "CVE-2026-45981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45981"
        },
        {
          "name": "CVE-2026-43466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43466"
        },
        {
          "name": "CVE-2026-31427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31427"
        },
        {
          "name": "CVE-2026-31555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31555"
        },
        {
          "name": "CVE-2026-43439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43439"
        },
        {
          "name": "CVE-2026-43183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43183"
        },
        {
          "name": "CVE-2026-31515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31515"
        },
        {
          "name": "CVE-2026-31661",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31661"
        },
        {
          "name": "CVE-2026-43452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43452"
        },
        {
          "name": "CVE-2026-31737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31737"
        },
        {
          "name": "CVE-2026-45960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45960"
        },
        {
          "name": "CVE-2026-43043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43043"
        },
        {
          "name": "CVE-2026-43140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43140"
        },
        {
          "name": "CVE-2026-43223",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43223"
        },
        {
          "name": "CVE-2026-23396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23396"
        },
        {
          "name": "CVE-2026-31423",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31423"
        },
        {
          "name": "CVE-2026-43051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43051"
        },
        {
          "name": "CVE-2026-31759",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31759"
        },
        {
          "name": "CVE-2026-43246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43246"
        },
        {
          "name": "CVE-2026-31781",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31781"
        },
        {
          "name": "CVE-2026-43449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43449"
        },
        {
          "name": "CVE-2026-45948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45948"
        },
        {
          "name": "CVE-2026-43147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43147"
        },
        {
          "name": "CVE-2026-31523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31523"
        },
        {
          "name": "CVE-2026-43459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43459"
        },
        {
          "name": "CVE-2026-31450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31450"
        },
        {
          "name": "CVE-2026-31671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31671"
        },
        {
          "name": "CVE-2026-31749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31749"
        },
        {
          "name": "CVE-2026-43328",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43328"
        },
        {
          "name": "CVE-2026-43024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43024"
        },
        {
          "name": "CVE-2026-45985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45985"
        },
        {
          "name": "CVE-2026-43207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43207"
        },
        {
          "name": "CVE-2026-23352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23352"
        },
        {
          "name": "CVE-2026-31720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31720"
        },
        {
          "name": "CVE-2026-31748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31748"
        },
        {
          "name": "CVE-2026-43077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43077"
        },
        {
          "name": "CVE-2026-43472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43472"
        },
        {
          "name": "CVE-2026-23367",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23367"
        },
        {
          "name": "CVE-2026-31628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31628"
        },
        {
          "name": "CVE-2026-43407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43407"
        },
        {
          "name": "CVE-2026-45899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45899"
        },
        {
          "name": "CVE-2026-31662",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31662"
        },
        {
          "name": "CVE-2026-43026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43026"
        },
        {
          "name": "CVE-2026-43430",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43430"
        },
        {
          "name": "CVE-2026-43437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43437"
        },
        {
          "name": "CVE-2026-45920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45920"
        },
        {
          "name": "CVE-2026-43184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43184"
        },
        {
          "name": "CVE-2026-23446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23446"
        },
        {
          "name": "CVE-2026-46300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
        },
        {
          "name": "CVE-2026-43035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43035"
        },
        {
          "name": "CVE-2026-31665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31665"
        },
        {
          "name": "CVE-2026-23300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23300"
        },
        {
          "name": "CVE-2026-45941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45941"
        },
        {
          "name": "CVE-2026-43261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43261"
        },
        {
          "name": "CVE-2026-31391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31391"
        },
        {
          "name": "CVE-2026-43158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43158"
        },
        {
          "name": "CVE-2026-31672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31672"
        },
        {
          "name": "CVE-2026-31780",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31780"
        },
        {
          "name": "CVE-2026-43342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43342"
        },
        {
          "name": "CVE-2026-23243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
        },
        {
          "name": "CVE-2026-43357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43357"
        },
        {
          "name": "CVE-2026-43061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43061"
        },
        {
          "name": "CVE-2026-43453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43453"
        },
        {
          "name": "CVE-2026-43032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43032"
        },
        {
          "name": "CVE-2026-45954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45954"
        },
        {
          "name": "CVE-2026-23362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23362"
        },
        {
          "name": "CVE-2026-23379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23379"
        },
        {
          "name": "CVE-2026-45984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45984"
        },
        {
          "name": "CVE-2026-43427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43427"
        },
        {
          "name": "CVE-2026-31421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31421"
        },
        {
          "name": "CVE-2026-23381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23381"
        },
        {
          "name": "CVE-2026-31518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31518"
        },
        {
          "name": "CVE-2026-43296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43296"
        },
        {
          "name": "CVE-2026-31660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31660"
        },
        {
          "name": "CVE-2026-23245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23245"
        },
        {
          "name": "CVE-2026-45916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45916"
        },
        {
          "name": "CVE-2026-31728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31728"
        },
        {
          "name": "CVE-2026-31403",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31403"
        },
        {
          "name": "CVE-2026-31400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31400"
        },
        {
          "name": "CVE-2026-31512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31512"
        },
        {
          "name": "CVE-2026-43124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43124"
        },
        {
          "name": "CVE-2026-43141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43141"
        },
        {
          "name": "CVE-2026-31726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31726"
        },
        {
          "name": "CVE-2026-31504",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31504"
        },
        {
          "name": "CVE-2026-43370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43370"
        },
        {
          "name": "CVE-2026-31773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31773"
        },
        {
          "name": "CVE-2026-43134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43134"
        },
        {
          "name": "CVE-2026-23242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
        },
        {
          "name": "CVE-2026-43015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43015"
        },
        {
          "name": "CVE-2026-31509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31509"
        },
        {
          "name": "CVE-2025-71292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71292"
        },
        {
          "name": "CVE-2026-43066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43066"
        },
        {
          "name": "CVE-2026-43242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43242"
        },
        {
          "name": "CVE-2026-31679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31679"
        },
        {
          "name": "CVE-2026-45970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45970"
        },
        {
          "name": "CVE-2026-23274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
        },
        {
          "name": "CVE-2026-43020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43020"
        },
        {
          "name": "CVE-2026-31417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31417"
        },
        {
          "name": "CVE-2026-43041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43041"
        },
        {
          "name": "CVE-2026-31761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31761"
        },
        {
          "name": "CVE-2026-31466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31466"
        },
        {
          "name": "CVE-2024-56584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
        },
        {
          "name": "CVE-2026-45958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45958"
        },
        {
          "name": "CVE-2026-43257",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43257"
        },
        {
          "name": "CVE-2026-31778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31778"
        },
        {
          "name": "CVE-2026-43180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43180"
        },
        {
          "name": "CVE-2026-43196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43196"
        },
        {
          "name": "CVE-2026-45968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45968"
        },
        {
          "name": "CVE-2026-43040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43040"
        },
        {
          "name": "CVE-2026-43152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43152"
        },
        {
          "name": "CVE-2026-43287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43287"
        },
        {
          "name": "CVE-2026-31552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31552"
        },
        {
          "name": "CVE-2026-43428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43428"
        },
        {
          "name": "CVE-2026-23397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23397"
        },
        {
          "name": "CVE-2026-43206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43206"
        },
        {
          "name": "CVE-2026-23452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23452"
        },
        {
          "name": "CVE-2026-43273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43273"
        },
        {
          "name": "CVE-2026-23474",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23474"
        },
        {
          "name": "CVE-2026-43190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43190"
        },
        {
          "name": "CVE-2026-45885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45885"
        },
        {
          "name": "CVE-2026-43226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43226"
        },
        {
          "name": "CVE-2026-23336",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23336"
        },
        {
          "name": "CVE-2026-43355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43355"
        },
        {
          "name": "CVE-2026-31497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31497"
        },
        {
          "name": "CVE-2026-43451",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43451"
        },
        {
          "name": "CVE-2026-31682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31682"
        },
        {
          "name": "CVE-2026-31570",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31570"
        },
        {
          "name": "CVE-2026-23289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23289"
        },
        {
          "name": "CVE-2026-23277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23277"
        },
        {
          "name": "CVE-2026-31399",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31399"
        },
        {
          "name": "CVE-2026-45964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45964"
        },
        {
          "name": "CVE-2026-43343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43343"
        },
        {
          "name": "CVE-2026-43289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43289"
        },
        {
          "name": "CVE-2026-43187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43187"
        },
        {
          "name": "CVE-2026-23455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23455"
        },
        {
          "name": "CVE-2026-45936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45936"
        },
        {
          "name": "CVE-2026-45978",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45978"
        },
        {
          "name": "CVE-2026-43159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43159"
        },
        {
          "name": "CVE-2026-31495",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31495"
        },
        {
          "name": "CVE-2026-31507",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31507"
        },
        {
          "name": "CVE-2026-43149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43149"
        },
        {
          "name": "CVE-2026-31762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31762"
        },
        {
          "name": "CVE-2026-43236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43236"
        },
        {
          "name": "CVE-2026-31788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31788"
        },
        {
          "name": "CVE-2026-31411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31411"
        },
        {
          "name": "CVE-2026-31428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31428"
        },
        {
          "name": "CVE-2026-23420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23420"
        },
        {
          "name": "CVE-2026-23388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23388"
        },
        {
          "name": "CVE-2025-39748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
        },
        {
          "name": "CVE-2026-43277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43277"
        },
        {
          "name": "CVE-2026-43386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43386"
        },
        {
          "name": "CVE-2026-43037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43037"
        },
        {
          "name": "CVE-2026-43266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43266"
        },
        {
          "name": "CVE-2026-23458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23458"
        },
        {
          "name": "CVE-2026-31649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31649"
        },
        {
          "name": "CVE-2026-31674",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31674"
        },
        {
          "name": "CVE-2026-31393",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31393"
        },
        {
          "name": "CVE-2026-43420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43420"
        },
        {
          "name": "CVE-2026-43233",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43233"
        },
        {
          "name": "CVE-2026-43027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43027"
        },
        {
          "name": "CVE-2026-45904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45904"
        },
        {
          "name": "CVE-2025-68206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
        },
        {
          "name": "CVE-2026-43295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43295"
        },
        {
          "name": "CVE-2026-23339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23339"
        },
        {
          "name": "CVE-2026-23112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
        },
        {
          "name": "CVE-2026-23460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23460"
        },
        {
          "name": "CVE-2026-23395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23395"
        },
        {
          "name": "CVE-2026-31651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31651"
        },
        {
          "name": "CVE-2026-23100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23100"
        },
        {
          "name": "CVE-2026-31747",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31747"
        },
        {
          "name": "CVE-2026-31455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31455"
        },
        {
          "name": "CVE-2026-43316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43316"
        },
        {
          "name": "CVE-2026-43340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43340"
        },
        {
          "name": "CVE-2026-23291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23291"
        },
        {
          "name": "CVE-2026-43156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43156"
        },
        {
          "name": "CVE-2026-43194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43194"
        },
        {
          "name": "CVE-2026-23382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23382"
        },
        {
          "name": "CVE-2026-43230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43230"
        },
        {
          "name": "CVE-2026-43209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43209"
        },
        {
          "name": "CVE-2025-71274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71274"
        },
        {
          "name": "CVE-2026-43171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43171"
        },
        {
          "name": "CVE-2026-43424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43424"
        },
        {
          "name": "CVE-2025-40261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
        },
        {
          "name": "CVE-2026-23312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23312"
        },
        {
          "name": "CVE-2026-31508",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31508"
        },
        {
          "name": "CVE-2026-23365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23365"
        },
        {
          "name": "CVE-2026-45983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45983"
        },
        {
          "name": "CVE-2026-31424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31424"
        },
        {
          "name": "CVE-2026-46028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46028"
        },
        {
          "name": "CVE-2026-23356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23356"
        },
        {
          "name": "CVE-2026-45875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45875"
        },
        {
          "name": "CVE-2026-23307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23307"
        },
        {
          "name": "CVE-2026-43038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43038"
        },
        {
          "name": "CVE-2026-45974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45974"
        },
        {
          "name": "CVE-2026-45965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45965"
        },
        {
          "name": "CVE-2026-43218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43218"
        },
        {
          "name": "CVE-2026-43363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43363"
        },
        {
          "name": "CVE-2026-45915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45915"
        },
        {
          "name": "CVE-2026-31454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31454"
        },
        {
          "name": "CVE-2026-43130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43130"
        },
        {
          "name": "CVE-2026-31452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31452"
        },
        {
          "name": "CVE-2026-23398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23398"
        },
        {
          "name": "CVE-2026-31425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31425"
        },
        {
          "name": "CVE-2026-45890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45890"
        },
        {
          "name": "CVE-2026-43255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43255"
        },
        {
          "name": "CVE-2026-43283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43283"
        },
        {
          "name": "CVE-2026-23351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23351"
        },
        {
          "name": "CVE-2026-43050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43050"
        },
        {
          "name": "CVE-2026-43203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43203"
        },
        {
          "name": "CVE-2026-31667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31667"
        }
      ],
      "initial_release_date": "2026-06-05T00:00:00",
      "last_revision_date": "2026-06-05T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0696",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-05T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
      "vendor_advisories": [
        {
          "published_at": "2026-05-29",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00051",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00051.html"
        },
        {
          "published_at": "2026-05-29",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00052",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00052.html"
        }
      ]
    }

    CERTFR-2026-AVI-0666

    Vulnerability from certfr_avis - Published: 2026-05-29 - Updated: 2026-05-29

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian trixie versions antérieures à 6.12.90-2
    Debian Debian Debian bookworm versions antérieures à 6.1.174-1
    References
    Bulletin de sécurité Debian msg00216 2026-05-28 vendor-advisory
    Bulletin de sécurité Debian msg00206 2026-05-23 vendor-advisory
    Bulletin de sécurité Debian msg00217 2026-05-28 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.90-2",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.174-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-43503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43503"
        },
        {
          "name": "CVE-2026-46174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46174"
        },
        {
          "name": "CVE-2026-46300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
        },
        {
          "name": "CVE-2026-23171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23171"
        },
        {
          "name": "CVE-2026-43494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43494"
        }
      ],
      "initial_release_date": "2026-05-29T00:00:00",
      "last_revision_date": "2026-05-29T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0666",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-29T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
      "vendor_advisories": [
        {
          "published_at": "2026-05-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00216",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00216.html"
        },
        {
          "published_at": "2026-05-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00206",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00206.html"
        },
        {
          "published_at": "2026-05-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00217",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00217.html"
        }
      ]
    }

    CERTFR-2026-AVI-0636

    Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22

    Une vulnérabilité a été découverte dans le noyau Linux de Debian LTS. Elle permet à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian 11 bullseye versions antérieures à 6.1.172-1~deb11u1
    Debian Debian Debian 11 bullseye versions antérieures à 5.10.251-5
    References
    Bulletin de sécurité Debian LTS msg00032 2026-05-16 vendor-advisory
    Bulletin de sécurité Debian LTS msg00035 2026-05-19 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian 11 bullseye versions ant\u00e9rieures \u00e0 6.1.172-1~deb11u1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian 11 bullseye versions ant\u00e9rieures \u00e0 5.10.251-5",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-46333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
        }
      ],
      "initial_release_date": "2026-05-22T00:00:00",
      "last_revision_date": "2026-05-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0636",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le noyau Linux de Debian LTS. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans le noyau Linux de Debian LTS",
      "vendor_advisories": [
        {
          "published_at": "2026-05-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00032",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00035",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"
        }
      ]
    }

    CERTFR-2026-AVI-0637

    Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian trixie versions antérieures à 6.12.88-1.
    Debian Debian Debian bookworm versions antérieures à 6.1.172-1.
    References
    Bulletin de sécurité Debian msg00185 2026-05-15 vendor-advisory
    Bulletin de sécurité Debian msg00186 2026-05-15 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.88-1.\n",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.172-1.\n",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-43220",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43220"
        },
        {
          "name": "CVE-2026-43490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43490"
        },
        {
          "name": "CVE-2026-46333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
        },
        {
          "name": "CVE-2026-43109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43109"
        },
        {
          "name": "CVE-2026-31499",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31499"
        },
        {
          "name": "CVE-2026-43088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43088"
        }
      ],
      "initial_release_date": "2026-05-22T00:00:00",
      "last_revision_date": "2026-05-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0637",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
      "vendor_advisories": [
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00185",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00185.html"
        },
        {
          "published_at": "2026-05-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00186",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00186.html"
        }
      ]
    }

    CERTFR-2026-AVI-0605

    Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian bullsey versions antérieures 5.10.251-4
    Debian Debian Debian trixie versions antérieures à 6.12.86-1
    Debian Debian Debian bullsey versions antérieures à 6.1.170-3~deb11u1
    Debian Debian Debian bookworm versions antérieures à 6.1.170-3
    References
    Bulletin de sécurité Debian LTS msg00016 2026-05-08 vendor-advisory
    Bulletin de sécurité Debian msg0016 2026-05-08 vendor-advisory
    Bulletin de sécurité Debian msg00169 2026-05-09 vendor-advisory
    Bulletin de sécurité Debian LTS msg00018 2026-05-09 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian bullsey versions ant\u00e9rieures 5.10.251-4",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.86-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bullsey versions ant\u00e9rieures \u00e0 6.1.170-3~deb11u1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.170-3",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-23468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23468"
        },
        {
          "name": "CVE-2026-43284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
        },
        {
          "name": "CVE-2025-38584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
        },
        {
          "name": "CVE-2026-43500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43500"
        },
        {
          "name": "CVE-2026-31419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31419"
        },
        {
          "name": "CVE-2026-31715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31715"
        },
        {
          "name": "CVE-2026-31709",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31709"
        }
      ],
      "initial_release_date": "2026-05-15T00:00:00",
      "last_revision_date": "2026-05-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0605",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian ",
      "vendor_advisories": [
        {
          "published_at": "2026-05-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00016",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00016.html"
        },
        {
          "published_at": "2026-05-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg0016",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00164.html"
        },
        {
          "published_at": "2026-05-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00169",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00169.html"
        },
        {
          "published_at": "2026-05-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00018",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00018.html"
        }
      ]
    }

    CERTFR-2026-AVI-0547

    Vulnerability from certfr_avis - Published: 2026-05-07 - Updated: 2026-05-07

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian 11 bullseye versions antérieures à 6.1.170-1~deb11u1
    Debian Debian Debian 11 bullseye versions antérieures à 5.10.251-3
    References
    Bulletin de sécurité Debian LTS msg00004 2026-05-02 vendor-advisory
    Bulletin de sécurité Debian LTS msg00005 2026-05-02 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian 11 bullseye versions ant\u00e9rieures \u00e0 6.1.170-1~deb11u1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian 11 bullseye versions ant\u00e9rieures \u00e0 5.10.251-3",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-31483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31483"
        },
        {
          "name": "CVE-2026-31409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31409"
        },
        {
          "name": "CVE-2026-31522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31522"
        },
        {
          "name": "CVE-2026-31770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31770"
        },
        {
          "name": "CVE-2026-31658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31658"
        },
        {
          "name": "CVE-2025-21682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
        },
        {
          "name": "CVE-2026-31756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31756"
        },
        {
          "name": "CVE-2026-31467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31467"
        },
        {
          "name": "CVE-2026-23318",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23318"
        },
        {
          "name": "CVE-2026-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23368"
        },
        {
          "name": "CVE-2026-31485",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31485"
        },
        {
          "name": "CVE-2026-23475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23475"
        },
        {
          "name": "CVE-2026-31754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31754"
        },
        {
          "name": "CVE-2026-31402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
        },
        {
          "name": "CVE-2025-40219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
        },
        {
          "name": "CVE-2026-23426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23426"
        },
        {
          "name": "CVE-2026-31758",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31758"
        },
        {
          "name": "CVE-2025-71265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71265"
        },
        {
          "name": "CVE-2026-23450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23450"
        },
        {
          "name": "CVE-2026-23281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23281"
        },
        {
          "name": "CVE-2025-71221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71221"
        },
        {
          "name": "CVE-2026-31416",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31416"
        },
        {
          "name": "CVE-2026-31656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31656"
        },
        {
          "name": "CVE-2025-39764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39764"
        },
        {
          "name": "CVE-2026-31453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31453"
        },
        {
          "name": "CVE-2026-23438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23438"
        },
        {
          "name": "CVE-2026-23293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23293"
        },
        {
          "name": "CVE-2026-23463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23463"
        },
        {
          "name": "CVE-2026-23227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23227"
        },
        {
          "name": "CVE-2026-23454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23454"
        },
        {
          "name": "CVE-2026-31405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31405"
        },
        {
          "name": "CVE-2026-43054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43054"
        },
        {
          "name": "CVE-2026-31664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31664"
        },
        {
          "name": "CVE-2026-31473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31473"
        },
        {
          "name": "CVE-2026-31448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31448"
        },
        {
          "name": "CVE-2026-31550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31550"
        },
        {
          "name": "CVE-2026-23290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23290"
        },
        {
          "name": "CVE-2026-31549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31549"
        },
        {
          "name": "CVE-2026-31752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31752"
        },
        {
          "name": "CVE-2025-40016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40016"
        },
        {
          "name": "CVE-2026-31787",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31787"
        },
        {
          "name": "CVE-2025-38626",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38626"
        },
        {
          "name": "CVE-2026-23303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23303"
        },
        {
          "name": "CVE-2026-43011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43011"
        },
        {
          "name": "CVE-2026-31396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31396"
        },
        {
          "name": "CVE-2026-31680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31680"
        },
        {
          "name": "CVE-2026-23340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23340"
        },
        {
          "name": "CVE-2026-43046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43046"
        },
        {
          "name": "CVE-2026-31738",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31738"
        },
        {
          "name": "CVE-2025-40005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40005"
        },
        {
          "name": "CVE-2026-31751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31751"
        },
        {
          "name": "CVE-2026-23439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23439"
        },
        {
          "name": "CVE-2026-23253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23253"
        },
        {
          "name": "CVE-2026-43025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43025"
        },
        {
          "name": "CVE-2026-31721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31721"
        },
        {
          "name": "CVE-2026-23271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23271"
        },
        {
          "name": "CVE-2025-68265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68265"
        },
        {
          "name": "CVE-2026-23434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23434"
        },
        {
          "name": "CVE-2026-43018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43018"
        },
        {
          "name": "CVE-2026-43014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43014"
        },
        {
          "name": "CVE-2026-31447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31447"
        },
        {
          "name": "CVE-2026-31431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
        },
        {
          "name": "CVE-2026-43028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43028"
        },
        {
          "name": "CVE-2026-23422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23422"
        },
        {
          "name": "CVE-2026-31548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31548"
        },
        {
          "name": "CVE-2026-23304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23304"
        },
        {
          "name": "CVE-2026-31683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31683"
        },
        {
          "name": "CVE-2026-23357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23357"
        },
        {
          "name": "CVE-2026-31408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31408"
        },
        {
          "name": "CVE-2025-38105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38105"
        },
        {
          "name": "CVE-2026-31524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31524"
        },
        {
          "name": "CVE-2026-31668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31668"
        },
        {
          "name": "CVE-2026-31478",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31478"
        },
        {
          "name": "CVE-2026-31546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31546"
        },
        {
          "name": "CVE-2025-38436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38436"
        },
        {
          "name": "CVE-2026-23324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23324"
        },
        {
          "name": "CVE-2024-50298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
        },
        {
          "name": "CVE-2026-23317",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23317"
        },
        {
          "name": "CVE-2026-43047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43047"
        },
        {
          "name": "CVE-2026-31389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31389"
        },
        {
          "name": "CVE-2026-31786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31786"
        },
        {
          "name": "CVE-2026-31545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31545"
        },
        {
          "name": "CVE-2026-23456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23456"
        },
        {
          "name": "CVE-2026-43033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43033"
        },
        {
          "name": "CVE-2026-43023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43023"
        },
        {
          "name": "CVE-2026-23287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23287"
        },
        {
          "name": "CVE-2026-31510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31510"
        },
        {
          "name": "CVE-2026-23457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23457"
        },
        {
          "name": "CVE-2026-31496",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31496"
        },
        {
          "name": "CVE-2025-40242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
        },
        {
          "name": "CVE-2026-31659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31659"
        },
        {
          "name": "CVE-2026-23401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23401"
        },
        {
          "name": "CVE-2026-43057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43057"
        },
        {
          "name": "CVE-2026-43030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43030"
        },
        {
          "name": "CVE-2025-38250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38250"
        },
        {
          "name": "CVE-2026-23391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23391"
        },
        {
          "name": "CVE-2026-31415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31415"
        },
        {
          "name": "CVE-2024-47809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
        },
        {
          "name": "CVE-2026-23204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
        },
        {
          "name": "CVE-2026-23462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23462"
        },
        {
          "name": "CVE-2026-31563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31563"
        },
        {
          "name": "CVE-2026-23273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23273"
        },
        {
          "name": "CVE-2026-23372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23372"
        },
        {
          "name": "CVE-2026-31689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31689"
        },
        {
          "name": "CVE-2026-23319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23319"
        },
        {
          "name": "CVE-2024-56719",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56719"
        },
        {
          "name": "CVE-2026-31566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31566"
        },
        {
          "name": "CVE-2026-31494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31494"
        },
        {
          "name": "CVE-2026-31565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31565"
        },
        {
          "name": "CVE-2026-23270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23270"
        },
        {
          "name": "CVE-2026-31763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31763"
        },
        {
          "name": "CVE-2026-23279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23279"
        },
        {
          "name": "CVE-2026-31670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31670"
        },
        {
          "name": "CVE-2026-31422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31422"
        },
        {
          "name": "CVE-2026-23286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23286"
        },
        {
          "name": "CVE-2026-23359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23359"
        },
        {
          "name": "CVE-2026-31533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31533"
        },
        {
          "name": "CVE-2026-23298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23298"
        },
        {
          "name": "CVE-2026-31469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31469"
        },
        {
          "name": "CVE-2026-31498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31498"
        },
        {
          "name": "CVE-2026-31520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31520"
        },
        {
          "name": "CVE-2026-31418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31418"
        },
        {
          "name": "CVE-2026-23296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23296"
        },
        {
          "name": "CVE-2026-31427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31427"
        },
        {
          "name": "CVE-2026-31555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31555"
        },
        {
          "name": "CVE-2026-31392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31392"
        },
        {
          "name": "CVE-2026-31515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31515"
        },
        {
          "name": "CVE-2026-31661",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31661"
        },
        {
          "name": "CVE-2026-31737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31737"
        },
        {
          "name": "CVE-2026-43017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43017"
        },
        {
          "name": "CVE-2025-71267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71267"
        },
        {
          "name": "CVE-2026-43043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43043"
        },
        {
          "name": "CVE-2025-37945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37945"
        },
        {
          "name": "CVE-2026-23396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23396"
        },
        {
          "name": "CVE-2026-31423",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31423"
        },
        {
          "name": "CVE-2026-43051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43051"
        },
        {
          "name": "CVE-2026-31759",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31759"
        },
        {
          "name": "CVE-2026-23370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23370"
        },
        {
          "name": "CVE-2025-38303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38303"
        },
        {
          "name": "CVE-2026-23414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23414"
        },
        {
          "name": "CVE-2026-31781",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31781"
        },
        {
          "name": "CVE-2026-23315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23315"
        },
        {
          "name": "CVE-2026-31523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31523"
        },
        {
          "name": "CVE-2026-31669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31669"
        },
        {
          "name": "CVE-2026-31450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31450"
        },
        {
          "name": "CVE-2026-31671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31671"
        },
        {
          "name": "CVE-2026-31749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31749"
        },
        {
          "name": "CVE-2026-43024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43024"
        },
        {
          "name": "CVE-2026-23352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23352"
        },
        {
          "name": "CVE-2026-31720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31720"
        },
        {
          "name": "CVE-2026-31748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31748"
        },
        {
          "name": "CVE-2026-23367",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23367"
        },
        {
          "name": "CVE-2026-31628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31628"
        },
        {
          "name": "CVE-2026-31662",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31662"
        },
        {
          "name": "CVE-2025-71067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71067"
        },
        {
          "name": "CVE-2026-31768",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31768"
        },
        {
          "name": "CVE-2026-43026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43026"
        },
        {
          "name": "CVE-2026-31480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31480"
        },
        {
          "name": "CVE-2026-23446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23446"
        },
        {
          "name": "CVE-2026-43035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43035"
        },
        {
          "name": "CVE-2025-71269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71269"
        },
        {
          "name": "CVE-2026-31665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31665"
        },
        {
          "name": "CVE-2025-40358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40358"
        },
        {
          "name": "CVE-2026-23300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23300"
        },
        {
          "name": "CVE-2026-31391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31391"
        },
        {
          "name": "CVE-2026-31672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31672"
        },
        {
          "name": "CVE-2026-31780",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31780"
        },
        {
          "name": "CVE-2026-23243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
        },
        {
          "name": "CVE-2023-53510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53510"
        },
        {
          "name": "CVE-2026-31521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31521"
        },
        {
          "name": "CVE-2026-31634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31634"
        },
        {
          "name": "CVE-2024-47736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
        },
        {
          "name": "CVE-2026-31412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31412"
        },
        {
          "name": "CVE-2026-43032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43032"
        },
        {
          "name": "CVE-2026-23362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23362"
        },
        {
          "name": "CVE-2026-23379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23379"
        },
        {
          "name": "CVE-2026-31421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31421"
        },
        {
          "name": "CVE-2023-53545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53545"
        },
        {
          "name": "CVE-2026-23381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23381"
        },
        {
          "name": "CVE-2026-31518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31518"
        },
        {
          "name": "CVE-2026-31660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31660"
        },
        {
          "name": "CVE-2026-23392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23392"
        },
        {
          "name": "CVE-2026-23245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23245"
        },
        {
          "name": "CVE-2026-31728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31728"
        },
        {
          "name": "CVE-2024-49998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
        },
        {
          "name": "CVE-2026-31403",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31403"
        },
        {
          "name": "CVE-2026-31400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31400"
        },
        {
          "name": "CVE-2026-31512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31512"
        },
        {
          "name": "CVE-2026-31726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31726"
        },
        {
          "name": "CVE-2026-31504",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31504"
        },
        {
          "name": "CVE-2026-31773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31773"
        },
        {
          "name": "CVE-2026-23364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23364"
        },
        {
          "name": "CVE-2026-23242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
        },
        {
          "name": "CVE-2026-43015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43015"
        },
        {
          "name": "CVE-2026-31509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31509"
        },
        {
          "name": "CVE-2026-31679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31679"
        },
        {
          "name": "CVE-2025-40135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
        },
        {
          "name": "CVE-2026-31779",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31779"
        },
        {
          "name": "CVE-2026-23428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23428"
        },
        {
          "name": "CVE-2026-23274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
        },
        {
          "name": "CVE-2025-38192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38192"
        },
        {
          "name": "CVE-2026-43020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43020"
        },
        {
          "name": "CVE-2026-31417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31417"
        },
        {
          "name": "CVE-2026-43041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43041"
        },
        {
          "name": "CVE-2026-31761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31761"
        },
        {
          "name": "CVE-2026-31466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31466"
        },
        {
          "name": "CVE-2026-31414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31414"
        },
        {
          "name": "CVE-2026-31778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31778"
        },
        {
          "name": "CVE-2025-38704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38704"
        },
        {
          "name": "CVE-2026-31426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31426"
        },
        {
          "name": "CVE-2025-21676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
        },
        {
          "name": "CVE-2026-43040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43040"
        },
        {
          "name": "CVE-2026-31552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31552"
        },
        {
          "name": "CVE-2026-23284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23284"
        },
        {
          "name": "CVE-2026-23397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23397"
        },
        {
          "name": "CVE-2026-23452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23452"
        },
        {
          "name": "CVE-2026-23474",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23474"
        },
        {
          "name": "CVE-2026-31434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31434"
        },
        {
          "name": "CVE-2026-23343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23343"
        },
        {
          "name": "CVE-2026-23336",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23336"
        },
        {
          "name": "CVE-2026-31497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31497"
        },
        {
          "name": "CVE-2026-31682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31682"
        },
        {
          "name": "CVE-2026-31570",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31570"
        },
        {
          "name": "CVE-2026-23289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23289"
        },
        {
          "name": "CVE-2026-31755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31755"
        },
        {
          "name": "CVE-2026-23292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23292"
        },
        {
          "name": "CVE-2026-23141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
        },
        {
          "name": "CVE-2026-23277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23277"
        },
        {
          "name": "CVE-2026-31399",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31399"
        },
        {
          "name": "CVE-2026-31441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31441"
        },
        {
          "name": "CVE-2026-23455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23455"
        },
        {
          "name": "CVE-2026-23335",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23335"
        },
        {
          "name": "CVE-2026-31551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31551"
        },
        {
          "name": "CVE-2026-31495",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31495"
        },
        {
          "name": "CVE-2026-31507",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31507"
        },
        {
          "name": "CVE-2026-31762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31762"
        },
        {
          "name": "CVE-2026-31788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31788"
        },
        {
          "name": "CVE-2026-31411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31411"
        },
        {
          "name": "CVE-2026-31428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31428"
        },
        {
          "name": "CVE-2026-23420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23420"
        },
        {
          "name": "CVE-2026-23388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23388"
        },
        {
          "name": "CVE-2025-39748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
        },
        {
          "name": "CVE-2026-23449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23449"
        },
        {
          "name": "CVE-2025-39863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39863"
        },
        {
          "name": "CVE-2025-71266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71266"
        },
        {
          "name": "CVE-2026-31492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31492"
        },
        {
          "name": "CVE-2026-43037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43037"
        },
        {
          "name": "CVE-2026-31476",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31476"
        },
        {
          "name": "CVE-2026-23458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23458"
        },
        {
          "name": "CVE-2026-31649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31649"
        },
        {
          "name": "CVE-2026-31674",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31674"
        },
        {
          "name": "CVE-2026-31393",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31393"
        },
        {
          "name": "CVE-2026-43027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43027"
        },
        {
          "name": "CVE-2025-68206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
        },
        {
          "name": "CVE-2026-23339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23339"
        },
        {
          "name": "CVE-2026-31433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31433"
        },
        {
          "name": "CVE-2026-31776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31776"
        },
        {
          "name": "CVE-2026-23321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23321"
        },
        {
          "name": "CVE-2026-23460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23460"
        },
        {
          "name": "CVE-2026-31678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31678"
        },
        {
          "name": "CVE-2025-71161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71161"
        },
        {
          "name": "CVE-2026-31540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31540"
        },
        {
          "name": "CVE-2026-23395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23395"
        },
        {
          "name": "CVE-2026-31651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31651"
        },
        {
          "name": "CVE-2023-53228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53228"
        },
        {
          "name": "CVE-2026-23100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23100"
        },
        {
          "name": "CVE-2026-31503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31503"
        },
        {
          "name": "CVE-2026-31657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31657"
        },
        {
          "name": "CVE-2026-31747",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31747"
        },
        {
          "name": "CVE-2026-31455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31455"
        },
        {
          "name": "CVE-2026-23306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23306"
        },
        {
          "name": "CVE-2026-23378",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23378"
        },
        {
          "name": "CVE-2026-31519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31519"
        },
        {
          "name": "CVE-2026-23291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23291"
        },
        {
          "name": "CVE-2025-68239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68239"
        },
        {
          "name": "CVE-2026-23382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23382"
        },
        {
          "name": "CVE-2026-31446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31446"
        },
        {
          "name": "CVE-2026-23113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
        },
        {
          "name": "CVE-2026-23157",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23157"
        },
        {
          "name": "CVE-2026-31464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31464"
        },
        {
          "name": "CVE-2026-31695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31695"
        },
        {
          "name": "CVE-2025-37980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37980"
        },
        {
          "name": "CVE-2026-23231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23231"
        },
        {
          "name": "CVE-2025-40261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
        },
        {
          "name": "CVE-2026-23312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23312"
        },
        {
          "name": "CVE-2026-31508",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31508"
        },
        {
          "name": "CVE-2026-23365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23365"
        },
        {
          "name": "CVE-2026-31424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31424"
        },
        {
          "name": "CVE-2026-23356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23356"
        },
        {
          "name": "CVE-2026-23307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23307"
        },
        {
          "name": "CVE-2025-38162",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38162"
        },
        {
          "name": "CVE-2026-31477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31477"
        },
        {
          "name": "CVE-2026-43038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43038"
        },
        {
          "name": "CVE-2026-43013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43013"
        },
        {
          "name": "CVE-2026-31454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31454"
        },
        {
          "name": "CVE-2025-38659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38659"
        },
        {
          "name": "CVE-2026-31452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31452"
        },
        {
          "name": "CVE-2026-23398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23398"
        },
        {
          "name": "CVE-2026-31425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31425"
        },
        {
          "name": "CVE-2026-23351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23351"
        },
        {
          "name": "CVE-2026-43050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43050"
        },
        {
          "name": "CVE-2026-23154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23154"
        },
        {
          "name": "CVE-2026-31667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31667"
        }
      ],
      "initial_release_date": "2026-05-07T00:00:00",
      "last_revision_date": "2026-05-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0547",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
      "vendor_advisories": [
        {
          "published_at": "2026-05-02",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00004",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00004.html"
        },
        {
          "published_at": "2026-05-02",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS msg00005",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00005.html"
        }
      ]
    }

    CERTFR-2026-AVI-0548

    Vulnerability from certfr_avis - Published: 2026-05-07 - Updated: 2026-05-07

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Debian Debian Debian trixie versions antérieures à 6.12.85-1
    Debian Debian Debian trixie versions antérieures à version 6.1.170-1
    References
    Bulletin de sécurité Debian msg00154 2026-05-01 vendor-advisory
    Bulletin de sécurité Debian msg00148 2026-04-30 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.85-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        },
        {
          "description": "Debian trixie versions ant\u00e9rieures \u00e0 version 6.1.170-1",
          "product": {
            "name": "Debian",
            "vendor": {
              "name": "Debian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-31559",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31559"
        },
        {
          "name": "CVE-2026-31623",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31623"
        },
        {
          "name": "CVE-2026-31483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31483"
        },
        {
          "name": "CVE-2026-31409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31409"
        },
        {
          "name": "CVE-2026-31522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31522"
        },
        {
          "name": "CVE-2026-31770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31770"
        },
        {
          "name": "CVE-2026-23447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23447"
        },
        {
          "name": "CVE-2026-31582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31582"
        },
        {
          "name": "CVE-2026-23387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23387"
        },
        {
          "name": "CVE-2026-31619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31619"
        },
        {
          "name": "CVE-2026-31658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31658"
        },
        {
          "name": "CVE-2026-31618",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31618"
        },
        {
          "name": "CVE-2025-21682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
        },
        {
          "name": "CVE-2026-31756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31756"
        },
        {
          "name": "CVE-2026-31467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31467"
        },
        {
          "name": "CVE-2026-23318",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23318"
        },
        {
          "name": "CVE-2026-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23368"
        },
        {
          "name": "CVE-2026-31485",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31485"
        },
        {
          "name": "CVE-2026-23475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23475"
        },
        {
          "name": "CVE-2026-31578",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31578"
        },
        {
          "name": "CVE-2025-40147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40147"
        },
        {
          "name": "CVE-2026-31754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31754"
        },
        {
          "name": "CVE-2026-31402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
        },
        {
          "name": "CVE-2025-40219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
        },
        {
          "name": "CVE-2026-23426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23426"
        },
        {
          "name": "CVE-2026-31758",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31758"
        },
        {
          "name": "CVE-2025-68736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68736"
        },
        {
          "name": "CVE-2025-71265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71265"
        },
        {
          "name": "CVE-2026-23450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23450"
        },
        {
          "name": "CVE-2026-23281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23281"
        },
        {
          "name": "CVE-2026-31530",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31530"
        },
        {
          "name": "CVE-2025-71221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71221"
        },
        {
          "name": "CVE-2026-31685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31685"
        },
        {
          "name": "CVE-2026-31416",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31416"
        },
        {
          "name": "CVE-2026-31656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31656"
        },
        {
          "name": "CVE-2025-39764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39764"
        },
        {
          "name": "CVE-2026-31453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31453"
        },
        {
          "name": "CVE-2026-23004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23004"
        },
        {
          "name": "CVE-2026-31593",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31593"
        },
        {
          "name": "CVE-2026-23438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23438"
        },
        {
          "name": "CVE-2026-23293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23293"
        },
        {
          "name": "CVE-2026-23463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23463"
        },
        {
          "name": "CVE-2026-23227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23227"
        },
        {
          "name": "CVE-2026-23454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23454"
        },
        {
          "name": "CVE-2026-31405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31405"
        },
        {
          "name": "CVE-2026-43054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43054"
        },
        {
          "name": "CVE-2026-23465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23465"
        },
        {
          "name": "CVE-2026-31664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31664"
        },
        {
          "name": "CVE-2026-31542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31542"
        },
        {
          "name": "CVE-2026-31473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31473"
        },
        {
          "name": "CVE-2026-23297",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23297"
        },
        {
          "name": "CVE-2026-31556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31556"
        },
        {
          "name": "CVE-2026-31528",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31528"
        },
        {
          "name": "CVE-2026-31448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31448"
        },
        {
          "name": "CVE-2026-31597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31597"
        },
        {
          "name": "CVE-2025-21709",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21709"
        },
        {
          "name": "CVE-2026-22981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22981"
        },
        {
          "name": "CVE-2026-31550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31550"
        },
        {
          "name": "CVE-2026-31487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31487"
        },
        {
          "name": "CVE-2026-23290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23290"
        },
        {
          "name": "CVE-2026-31549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31549"
        },
        {
          "name": "CVE-2026-31752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31752"
        },
        {
          "name": "CVE-2025-40016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40016"
        },
        {
          "name": "CVE-2026-31787",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31787"
        },
        {
          "name": "CVE-2025-38626",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38626"
        },
        {
          "name": "CVE-2026-23303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23303"
        },
        {
          "name": "CVE-2026-43011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43011"
        },
        {
          "name": "CVE-2025-68175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68175"
        },
        {
          "name": "CVE-2026-31396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31396"
        },
        {
          "name": "CVE-2026-23461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23461"
        },
        {
          "name": "CVE-2026-31680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31680"
        },
        {
          "name": "CVE-2026-31586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31586"
        },
        {
          "name": "CVE-2026-23340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23340"
        },
        {
          "name": "CVE-2026-43046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43046"
        },
        {
          "name": "CVE-2025-68334",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68334"
        },
        {
          "name": "CVE-2026-31738",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31738"
        },
        {
          "name": "CVE-2026-23441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23441"
        },
        {
          "name": "CVE-2026-23210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23210"
        },
        {
          "name": "CVE-2025-40005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40005"
        },
        {
          "name": "CVE-2026-31751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31751"
        },
        {
          "name": "CVE-2026-23380",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23380"
        },
        {
          "name": "CVE-2026-23383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23383"
        },
        {
          "name": "CVE-2026-31462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31462"
        },
        {
          "name": "CVE-2026-23412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23412"
        },
        {
          "name": "CVE-2026-23439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23439"
        },
        {
          "name": "CVE-2026-23253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23253"
        },
        {
          "name": "CVE-2026-43025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43025"
        },
        {
          "name": "CVE-2026-31581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31581"
        },
        {
          "name": "CVE-2026-31721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31721"
        },
        {
          "name": "CVE-2026-31617",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31617"
        },
        {
          "name": "CVE-2026-23271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23271"
        },
        {
          "name": "CVE-2025-68265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68265"
        },
        {
          "name": "CVE-2026-23434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23434"
        },
        {
          "name": "CVE-2026-31655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31655"
        },
        {
          "name": "CVE-2026-31611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31611"
        },
        {
          "name": "CVE-2026-31502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31502"
        },
        {
          "name": "CVE-2026-31531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31531"
        },
        {
          "name": "CVE-2026-43018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43018"
        },
        {
          "name": "CVE-2026-43014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43014"
        },
        {
          "name": "CVE-2026-31447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31447"
        },
        {
          "name": "CVE-2025-22116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22116"
        },
        {
          "name": "CVE-2026-23226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23226"
        },
        {
          "name": "CVE-2026-23285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23285"
        },
        {
          "name": "CVE-2026-31431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
        },
        {
          "name": "CVE-2026-31645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31645"
        },
        {
          "name": "CVE-2026-23470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23470"
        },
        {
          "name": "CVE-2026-31599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31599"
        },
        {
          "name": "CVE-2026-43028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43028"
        },
        {
          "name": "CVE-2026-31511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31511"
        },
        {
          "name": "CVE-2026-31614",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31614"
        },
        {
          "name": "CVE-2026-23422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23422"
        },
        {
          "name": "CVE-2026-31482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31482"
        },
        {
          "name": "CVE-2026-31548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31548"
        },
        {
          "name": "CVE-2026-23304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23304"
        },
        {
          "name": "CVE-2026-31683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31683"
        },
        {
          "name": "CVE-2026-23357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23357"
        },
        {
          "name": "CVE-2026-31408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31408"
        },
        {
          "name": "CVE-2025-38105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38105"
        },
        {
          "name": "CVE-2026-31524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31524"
        },
        {
          "name": "CVE-2026-31505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31505"
        },
        {
          "name": "CVE-2026-31668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31668"
        },
        {
          "name": "CVE-2026-23250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23250"
        },
        {
          "name": "CVE-2026-23066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23066"
        },
        {
          "name": "CVE-2026-31478",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31478"
        },
        {
          "name": "CVE-2026-31546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31546"
        },
        {
          "name": "CVE-2025-38426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38426"
        },
        {
          "name": "CVE-2025-38436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38436"
        },
        {
          "name": "CVE-2026-31583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31583"
        },
        {
          "name": "CVE-2025-22117",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22117"
        },
        {
          "name": "CVE-2026-31605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31605"
        },
        {
          "name": "CVE-2026-23324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23324"
        },
        {
          "name": "CVE-2026-23347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23347"
        },
        {
          "name": "CVE-2026-23373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23373"
        },
        {
          "name": "CVE-2026-31516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31516"
        },
        {
          "name": "CVE-2024-50298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
        },
        {
          "name": "CVE-2026-23317",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23317"
        },
        {
          "name": "CVE-2026-43047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43047"
        },
        {
          "name": "CVE-2026-31389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31389"
        },
        {
          "name": "CVE-2026-31394",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31394"
        },
        {
          "name": "CVE-2026-31786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31786"
        },
        {
          "name": "CVE-2026-31545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31545"
        },
        {
          "name": "CVE-2026-31681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31681"
        },
        {
          "name": "CVE-2026-31598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31598"
        },
        {
          "name": "CVE-2026-23456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23456"
        },
        {
          "name": "CVE-2026-43033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43033"
        },
        {
          "name": "CVE-2026-43023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43023"
        },
        {
          "name": "CVE-2026-23287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23287"
        },
        {
          "name": "CVE-2026-31510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31510"
        },
        {
          "name": "CVE-2026-31622",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31622"
        },
        {
          "name": "CVE-2026-23457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23457"
        },
        {
          "name": "CVE-2026-31595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31595"
        },
        {
          "name": "CVE-2026-31496",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31496"
        },
        {
          "name": "CVE-2026-31642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31642"
        },
        {
          "name": "CVE-2026-23399",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23399"
        },
        {
          "name": "CVE-2026-23334",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23334"
        },
        {
          "name": "CVE-2025-40242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
        },
        {
          "name": "CVE-2026-31659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31659"
        },
        {
          "name": "CVE-2026-23401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23401"
        },
        {
          "name": "CVE-2025-71239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71239"
        },
        {
          "name": "CVE-2026-23207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23207"
        },
        {
          "name": "CVE-2026-43057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43057"
        },
        {
          "name": "CVE-2026-43030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43030"
        },
        {
          "name": "CVE-2026-23138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23138"
        },
        {
          "name": "CVE-2025-38250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38250"
        },
        {
          "name": "CVE-2026-31525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31525"
        },
        {
          "name": "CVE-2026-31638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31638"
        },
        {
          "name": "CVE-2026-31588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31588"
        },
        {
          "name": "CVE-2026-23391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23391"
        },
        {
          "name": "CVE-2026-31415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31415"
        },
        {
          "name": "CVE-2026-31647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31647"
        },
        {
          "name": "CVE-2024-47809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
        },
        {
          "name": "CVE-2026-23204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
        },
        {
          "name": "CVE-2026-23462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23462"
        },
        {
          "name": "CVE-2026-31563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31563"
        },
        {
          "name": "CVE-2026-23273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23273"
        },
        {
          "name": "CVE-2026-23372",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23372"
        },
        {
          "name": "CVE-2026-31693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31693"
        },
        {
          "name": "CVE-2026-31689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31689"
        },
        {
          "name": "CVE-2026-23319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23319"
        },
        {
          "name": "CVE-2024-56719",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56719"
        },
        {
          "name": "CVE-2026-31566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31566"
        },
        {
          "name": "CVE-2026-31494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31494"
        },
        {
          "name": "CVE-2026-31565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31565"
        },
        {
          "name": "CVE-2026-23270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23270"
        },
        {
          "name": "CVE-2026-31763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31763"
        },
        {
          "name": "CVE-2026-23279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23279"
        },
        {
          "name": "CVE-2026-23466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23466"
        },
        {
          "name": "CVE-2026-31616",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31616"
        },
        {
          "name": "CVE-2026-31670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31670"
        },
        {
          "name": "CVE-2026-23240",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23240"
        },
        {
          "name": "CVE-2026-23244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23244"
        },
        {
          "name": "CVE-2026-23246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23246"
        },
        {
          "name": "CVE-2026-31422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31422"
        },
        {
          "name": "CVE-2026-23286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23286"
        },
        {
          "name": "CVE-2026-23359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23359"
        },
        {
          "name": "CVE-2026-31533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31533"
        },
        {
          "name": "CVE-2026-23298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23298"
        },
        {
          "name": "CVE-2026-31469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31469"
        },
        {
          "name": "CVE-2026-31498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31498"
        },
        {
          "name": "CVE-2026-31615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31615"
        },
        {
          "name": "CVE-2026-31520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31520"
        },
        {
          "name": "CVE-2026-31449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31449"
        },
        {
          "name": "CVE-2026-31418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31418"
        },
        {
          "name": "CVE-2026-23296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23296"
        },
        {
          "name": "CVE-2026-31427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31427"
        },
        {
          "name": "CVE-2026-31555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31555"
        },
        {
          "name": "CVE-2026-31594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31594"
        },
        {
          "name": "CVE-2026-31392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31392"
        },
        {
          "name": "CVE-2026-23360",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23360"
        },
        {
          "name": "CVE-2025-40150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40150"
        },
        {
          "name": "CVE-2026-31580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31580"
        },
        {
          "name": "CVE-2026-31515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31515"
        },
        {
          "name": "CVE-2026-31661",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31661"
        },
        {
          "name": "CVE-2026-31737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31737"
        },
        {
          "name": "CVE-2025-38627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38627"
        },
        {
          "name": "CVE-2026-31606",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31606"
        },
        {
          "name": "CVE-2026-43017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43017"
        },
        {
          "name": "CVE-2024-14027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-14027"
        },
        {
          "name": "CVE-2025-71267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71267"
        },
        {
          "name": "CVE-2026-43043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43043"
        },
        {
          "name": "CVE-2025-37945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37945"
        },
        {
          "name": "CVE-2026-23308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23308"
        },
        {
          "name": "CVE-2026-31684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31684"
        },
        {
          "name": "CVE-2026-23396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23396"
        },
        {
          "name": "CVE-2026-31423",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31423"
        },
        {
          "name": "CVE-2026-31625",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31625"
        },
        {
          "name": "CVE-2026-43051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43051"
        },
        {
          "name": "CVE-2026-31759",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31759"
        },
        {
          "name": "CVE-2026-31432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31432"
        },
        {
          "name": "CVE-2026-23370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23370"
        },
        {
          "name": "CVE-2025-38303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38303"
        },
        {
          "name": "CVE-2026-23302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23302"
        },
        {
          "name": "CVE-2026-23414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23414"
        },
        {
          "name": "CVE-2026-31781",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31781"
        },
        {
          "name": "CVE-2026-23315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23315"
        },
        {
          "name": "CVE-2026-31523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31523"
        },
        {
          "name": "CVE-2026-31669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31669"
        },
        {
          "name": "CVE-2026-31450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31450"
        },
        {
          "name": "CVE-2026-31671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31671"
        },
        {
          "name": "CVE-2026-31749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31749"
        },
        {
          "name": "CVE-2026-43024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43024"
        },
        {
          "name": "CVE-2026-23239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23239"
        },
        {
          "name": "CVE-2026-23352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23352"
        },
        {
          "name": "CVE-2026-31720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31720"
        },
        {
          "name": "CVE-2026-31554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31554"
        },
        {
          "name": "CVE-2026-31748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31748"
        },
        {
          "name": "CVE-2026-23367",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23367"
        },
        {
          "name": "CVE-2026-31628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31628"
        },
        {
          "name": "CVE-2026-23427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23427"
        },
        {
          "name": "CVE-2026-31662",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31662"
        },
        {
          "name": "CVE-2025-71067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71067"
        },
        {
          "name": "CVE-2026-31768",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31768"
        },
        {
          "name": "CVE-2026-43026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43026"
        },
        {
          "name": "CVE-2026-31480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31480"
        },
        {
          "name": "CVE-2026-23255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23255"
        },
        {
          "name": "CVE-2026-23446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23446"
        },
        {
          "name": "CVE-2026-23417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23417"
        },
        {
          "name": "CVE-2026-43035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43035"
        },
        {
          "name": "CVE-2026-31561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31561"
        },
        {
          "name": "CVE-2026-31627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31627"
        },
        {
          "name": "CVE-2025-71269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71269"
        },
        {
          "name": "CVE-2026-31429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31429"
        },
        {
          "name": "CVE-2026-31665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31665"
        },
        {
          "name": "CVE-2025-40358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40358"
        },
        {
          "name": "CVE-2026-23300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23300"
        },
        {
          "name": "CVE-2026-23444",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23444"
        },
        {
          "name": "CVE-2026-31391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31391"
        },
        {
          "name": "CVE-2026-31406",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31406"
        },
        {
          "name": "CVE-2026-31672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31672"
        },
        {
          "name": "CVE-2026-31401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31401"
        },
        {
          "name": "CVE-2026-31780",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31780"
        },
        {
          "name": "CVE-2026-23243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
        },
        {
          "name": "CVE-2026-31479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31479"
        },
        {
          "name": "CVE-2023-53510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53510"
        },
        {
          "name": "CVE-2026-31675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31675"
        },
        {
          "name": "CVE-2026-31521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31521"
        },
        {
          "name": "CVE-2026-23363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23363"
        },
        {
          "name": "CVE-2026-31626",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31626"
        },
        {
          "name": "CVE-2026-23445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23445"
        },
        {
          "name": "CVE-2026-31634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31634"
        },
        {
          "name": "CVE-2026-31610",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31610"
        },
        {
          "name": "CVE-2024-47736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
        },
        {
          "name": "CVE-2026-31412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31412"
        },
        {
          "name": "CVE-2026-43032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43032"
        },
        {
          "name": "CVE-2026-23362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23362"
        },
        {
          "name": "CVE-2026-23379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23379"
        },
        {
          "name": "CVE-2026-31648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31648"
        },
        {
          "name": "CVE-2026-31421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31421"
        },
        {
          "name": "CVE-2026-31677",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31677"
        },
        {
          "name": "CVE-2023-53545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53545"
        },
        {
          "name": "CVE-2026-23381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23381"
        },
        {
          "name": "CVE-2026-31518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31518"
        },
        {
          "name": "CVE-2026-31470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31470"
        },
        {
          "name": "CVE-2026-31686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31686"
        },
        {
          "name": "CVE-2026-31660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31660"
        },
        {
          "name": "CVE-2026-23392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23392"
        },
        {
          "name": "CVE-2026-23245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23245"
        },
        {
          "name": "CVE-2026-31728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31728"
        },
        {
          "name": "CVE-2024-49998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
        },
        {
          "name": "CVE-2026-31403",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31403"
        },
        {
          "name": "CVE-2026-31400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31400"
        },
        {
          "name": "CVE-2026-31512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31512"
        },
        {
          "name": "CVE-2026-23330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23330"
        },
        {
          "name": "CVE-2026-31726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31726"
        },
        {
          "name": "CVE-2026-31504",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31504"
        },
        {
          "name": "CVE-2026-31773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31773"
        },
        {
          "name": "CVE-2026-23364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23364"
        },
        {
          "name": "CVE-2026-31607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31607"
        },
        {
          "name": "CVE-2026-23242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
        },
        {
          "name": "CVE-2026-43015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43015"
        },
        {
          "name": "CVE-2026-31509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31509"
        },
        {
          "name": "CVE-2026-31679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31679"
        },
        {
          "name": "CVE-2025-40135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
        },
        {
          "name": "CVE-2026-31637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31637"
        },
        {
          "name": "CVE-2026-31779",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31779"
        },
        {
          "name": "CVE-2026-31612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31612"
        },
        {
          "name": "CVE-2026-23428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23428"
        },
        {
          "name": "CVE-2026-23274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
        },
        {
          "name": "CVE-2026-31590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31590"
        },
        {
          "name": "CVE-2026-22993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22993"
        },
        {
          "name": "CVE-2026-23361",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23361"
        },
        {
          "name": "CVE-2025-38192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38192"
        },
        {
          "name": "CVE-2026-43020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43020"
        },
        {
          "name": "CVE-2026-31417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31417"
        },
        {
          "name": "CVE-2026-43041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43041"
        },
        {
          "name": "CVE-2026-31761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31761"
        },
        {
          "name": "CVE-2026-31466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31466"
        },
        {
          "name": "CVE-2026-31527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31527"
        },
        {
          "name": "CVE-2026-31604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31604"
        },
        {
          "name": "CVE-2026-23448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23448"
        },
        {
          "name": "CVE-2026-22985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22985"
        },
        {
          "name": "CVE-2025-71152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71152"
        },
        {
          "name": "CVE-2026-31414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31414"
        },
        {
          "name": "CVE-2026-31584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31584"
        },
        {
          "name": "CVE-2026-31778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31778"
        },
        {
          "name": "CVE-2025-38704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38704"
        },
        {
          "name": "CVE-2026-31557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31557"
        },
        {
          "name": "CVE-2026-31426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31426"
        },
        {
          "name": "CVE-2026-23354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23354"
        },
        {
          "name": "CVE-2026-23325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23325"
        },
        {
          "name": "CVE-2025-21676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
        },
        {
          "name": "CVE-2026-43040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43040"
        },
        {
          "name": "CVE-2026-23440",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23440"
        },
        {
          "name": "CVE-2026-31552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31552"
        },
        {
          "name": "CVE-2026-23284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23284"
        },
        {
          "name": "CVE-2026-31488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31488"
        },
        {
          "name": "CVE-2026-23278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23278"
        },
        {
          "name": "CVE-2026-31532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31532"
        },
        {
          "name": "CVE-2026-23397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23397"
        },
        {
          "name": "CVE-2026-23452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23452"
        },
        {
          "name": "CVE-2026-23474",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23474"
        },
        {
          "name": "CVE-2026-31434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31434"
        },
        {
          "name": "CVE-2026-23343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23343"
        },
        {
          "name": "CVE-2026-31430",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31430"
        },
        {
          "name": "CVE-2026-23336",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23336"
        },
        {
          "name": "CVE-2026-31497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31497"
        },
        {
          "name": "CVE-2026-31682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31682"
        },
        {
          "name": "CVE-2026-31570",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31570"
        },
        {
          "name": "CVE-2026-23289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23289"
        },
        {
          "name": "CVE-2026-31755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31755"
        },
        {
          "name": "CVE-2026-23292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23292"
        },
        {
          "name": "CVE-2026-23141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
        },
        {
          "name": "CVE-2026-31451",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31451"
        },
        {
          "name": "CVE-2026-23277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23277"
        },
        {
          "name": "CVE-2026-31399",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31399"
        },
        {
          "name": "CVE-2026-22986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22986"
        },
        {
          "name": "CVE-2026-31489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31489"
        },
        {
          "name": "CVE-2026-31441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31441"
        },
        {
          "name": "CVE-2026-23455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23455"
        },
        {
          "name": "CVE-2026-23316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23316"
        },
        {
          "name": "CVE-2026-23251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23251"
        },
        {
          "name": "CVE-2026-23335",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23335"
        },
        {
          "name": "CVE-2026-31551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31551"
        },
        {
          "name": "CVE-2026-31495",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31495"
        },
        {
          "name": "CVE-2026-23252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23252"
        },
        {
          "name": "CVE-2026-23369",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23369"
        },
        {
          "name": "CVE-2026-31507",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31507"
        },
        {
          "name": "CVE-2026-23389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23389"
        },
        {
          "name": "CVE-2026-31762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31762"
        },
        {
          "name": "CVE-2026-31788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31788"
        },
        {
          "name": "CVE-2026-31411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31411"
        },
        {
          "name": "CVE-2026-31428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31428"
        },
        {
          "name": "CVE-2026-23420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23420"
        },
        {
          "name": "CVE-2026-23388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23388"
        },
        {
          "name": "CVE-2025-39748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
        },
        {
          "name": "CVE-2026-23449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23449"
        },
        {
          "name": "CVE-2025-39863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39863"
        },
        {
          "name": "CVE-2025-71266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71266"
        },
        {
          "name": "CVE-2026-31492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31492"
        },
        {
          "name": "CVE-2026-43037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43037"
        },
        {
          "name": "CVE-2026-23070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23070"
        },
        {
          "name": "CVE-2026-31596",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31596"
        },
        {
          "name": "CVE-2026-31666",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31666"
        },
        {
          "name": "CVE-2026-31676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31676"
        },
        {
          "name": "CVE-2026-23442",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23442"
        },
        {
          "name": "CVE-2026-31476",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31476"
        },
        {
          "name": "CVE-2026-31603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31603"
        },
        {
          "name": "CVE-2026-23104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23104"
        },
        {
          "name": "CVE-2026-23393",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23393"
        },
        {
          "name": "CVE-2026-23458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23458"
        },
        {
          "name": "CVE-2026-23313",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23313"
        },
        {
          "name": "CVE-2026-31649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31649"
        },
        {
          "name": "CVE-2026-31674",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31674"
        },
        {
          "name": "CVE-2026-31393",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31393"
        },
        {
          "name": "CVE-2026-23310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23310"
        },
        {
          "name": "CVE-2026-31577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31577"
        },
        {
          "name": "CVE-2026-43027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43027"
        },
        {
          "name": "CVE-2025-68206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
        },
        {
          "name": "CVE-2026-31576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31576"
        },
        {
          "name": "CVE-2026-31506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31506"
        },
        {
          "name": "CVE-2026-23339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23339"
        },
        {
          "name": "CVE-2026-31433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31433"
        },
        {
          "name": "CVE-2026-31458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31458"
        },
        {
          "name": "CVE-2026-31776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31776"
        },
        {
          "name": "CVE-2026-31575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31575"
        },
        {
          "name": "CVE-2026-23321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23321"
        },
        {
          "name": "CVE-2026-23460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23460"
        },
        {
          "name": "CVE-2026-31678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31678"
        },
        {
          "name": "CVE-2026-31587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31587"
        },
        {
          "name": "CVE-2025-71161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71161"
        },
        {
          "name": "CVE-2026-31540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31540"
        },
        {
          "name": "CVE-2026-23395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23395"
        },
        {
          "name": "CVE-2026-31651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31651"
        },
        {
          "name": "CVE-2023-53228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53228"
        },
        {
          "name": "CVE-2026-23100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23100"
        },
        {
          "name": "CVE-2026-31503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31503"
        },
        {
          "name": "CVE-2026-31657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31657"
        },
        {
          "name": "CVE-2026-31747",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31747"
        },
        {
          "name": "CVE-2026-31455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31455"
        },
        {
          "name": "CVE-2026-31624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31624"
        },
        {
          "name": "CVE-2026-23306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23306"
        },
        {
          "name": "CVE-2026-31585",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31585"
        },
        {
          "name": "CVE-2026-31474",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31474"
        },
        {
          "name": "CVE-2026-23374",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23374"
        },
        {
          "name": "CVE-2026-23378",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23378"
        },
        {
          "name": "CVE-2026-31646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31646"
        },
        {
          "name": "CVE-2026-31519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31519"
        },
        {
          "name": "CVE-2026-23464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23464"
        },
        {
          "name": "CVE-2026-31439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31439"
        },
        {
          "name": "CVE-2026-23291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23291"
        },
        {
          "name": "CVE-2026-23413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23413"
        },
        {
          "name": "CVE-2026-31436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31436"
        },
        {
          "name": "CVE-2025-68239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68239"
        },
        {
          "name": "CVE-2026-23382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23382"
        },
        {
          "name": "CVE-2026-31410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31410"
        },
        {
          "name": "CVE-2026-31446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31446"
        },
        {
          "name": "CVE-2026-31644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31644"
        },
        {
          "name": "CVE-2026-23113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
        },
        {
          "name": "CVE-2026-23157",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23157"
        },
        {
          "name": "CVE-2026-31464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31464"
        },
        {
          "name": "CVE-2026-31500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31500"
        },
        {
          "name": "CVE-2026-31695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31695"
        },
        {
          "name": "CVE-2025-37980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37980"
        },
        {
          "name": "CVE-2026-23231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23231"
        },
        {
          "name": "CVE-2025-40261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
        },
        {
          "name": "CVE-2026-31558",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31558"
        },
        {
          "name": "CVE-2026-23312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23312"
        },
        {
          "name": "CVE-2026-31639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31639"
        },
        {
          "name": "CVE-2026-31508",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31508"
        },
        {
          "name": "CVE-2026-23365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23365"
        },
        {
          "name": "CVE-2026-23419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23419"
        },
        {
          "name": "CVE-2026-31424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31424"
        },
        {
          "name": "CVE-2026-23375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23375"
        },
        {
          "name": "CVE-2026-23356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23356"
        },
        {
          "name": "CVE-2026-23307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23307"
        },
        {
          "name": "CVE-2025-38162",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38162"
        },
        {
          "name": "CVE-2026-31477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31477"
        },
        {
          "name": "CVE-2026-23249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23249"
        },
        {
          "name": "CVE-2026-43038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43038"
        },
        {
          "name": "CVE-2026-43013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43013"
        },
        {
          "name": "CVE-2026-31454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31454"
        },
        {
          "name": "CVE-2025-38659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38659"
        },
        {
          "name": "CVE-2026-23386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23386"
        },
        {
          "name": "CVE-2026-31452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31452"
        },
        {
          "name": "CVE-2026-31407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31407"
        },
        {
          "name": "CVE-2026-23398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23398"
        },
        {
          "name": "CVE-2026-31602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31602"
        },
        {
          "name": "CVE-2026-31425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31425"
        },
        {
          "name": "CVE-2026-31440",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31440"
        },
        {
          "name": "CVE-2026-23276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23276"
        },
        {
          "name": "CVE-2026-31629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31629"
        },
        {
          "name": "CVE-2026-23351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23351"
        },
        {
          "name": "CVE-2026-43050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43050"
        },
        {
          "name": "CVE-2026-31438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31438"
        },
        {
          "name": "CVE-2026-23154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23154"
        },
        {
          "name": "CVE-2026-31673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31673"
        },
        {
          "name": "CVE-2026-31667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31667"
        }
      ],
      "initial_release_date": "2026-05-07T00:00:00",
      "last_revision_date": "2026-05-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0548",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
      "vendor_advisories": [
        {
          "published_at": "2026-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00154",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00154.html"
        },
        {
          "published_at": "2026-04-30",
          "title": "Bulletin de s\u00e9curit\u00e9 Debian msg00148",
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00148.html"
        }
      ]
    }

    CVE-2026-14355 (GCVE-0-2026-14355)

    Vulnerability from nvd – Published: 2026-07-03 20:57 – Updated: 2026-07-06 13:57
    VLAI
    Title
    ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD
    Summary
    In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    php
    Impacted products
    Vendor Product Version
    php php Affected: 8.2.0 , < 8.2.32 (semver)
    Affected: 8.3.0 , < 8.3.32 (semver)
    Affected: 8.4.0 , < 8.4.23 (semver)
    Affected: 8.5.0 , < 8.5.8 (semver)
    Create a notification for this product.
    Credits
    Oleg Baturin David CARLIER
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-04T15:25:16.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/07/msg00010.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14355",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:57:51.767008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:57:58.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.php.net/",
              "defaultStatus": "affected",
              "modules": [
                "ext/openssl"
              ],
              "packageName": "openssl",
              "product": "php",
              "vendor": "php",
              "versions": [
                {
                  "lessThan": "8.2.32",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.3.32",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.4.23",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.5.8",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Oleg Baturin"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "David CARLIER"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.\u003c/p\u003e"
                }
              ],
              "value": "In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T20:59:02.604Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "name": "GitHub Security Advisory GHSA-7jrw-539f-x6vr",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr"
            }
          ],
          "source": {
            "advisory": "GHSA-7jrw-539f-x6vr",
            "defenseOmission": false,
            "discovery": "EXTERNAL"
          },
          "title": "ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2026-14355",
        "datePublished": "2026-07-03T20:57:31.958Z",
        "dateReserved": "2026-07-01T17:52:41.706Z",
        "dateUpdated": "2026-07-06T13:57:58.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56968 (GCVE-0-2026-56968)

    Vulnerability from nvd – Published: 2026-06-23 16:18 – Updated: 2026-06-23 17:31
    VLAI
    Summary
    GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-839 - Numeric Range Comparison Without Minimum Check
    Assigner
    Impacted products
    Vendor Product Version
    GNU GNU SASL Affected: 0 , < 2.2.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:31:41.785915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:31:49.772Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GNU SASL",
              "vendor": "GNU",
              "versions": [
                {
                  "lessThan": "2.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnu:gnu_sasl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.4",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-839",
                  "description": "CWE-839 Numeric Range Comparison Without Minimum Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T16:18:29.150Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html"
            },
            {
              "url": "https://lists.debian.org/debian-security-announce/2026/msg00259.html"
            },
            {
              "url": "https://ftp.gnu.org/gnu/gsasl/"
            },
            {
              "url": "https://www.gnu.org/software/gsasl/"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-56968",
        "datePublished": "2026-06-23T16:18:29.150Z",
        "dateReserved": "2026-06-23T16:18:28.745Z",
        "dateUpdated": "2026-06-23T17:31:49.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11853 (GCVE-0-2026-11853)

    Vulnerability from nvd – Published: 2026-06-10 09:10 – Updated: 2026-06-10 18:50
    VLAI
    Summary
    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Debian debusine Affected: 0.12.0 , < 0.14.9 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11853",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:49:26.303190Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:50:09.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "debusine",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.14.9",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.14.9",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to."
                }
              ],
              "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T09:12:23.194Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1484"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-11853",
        "datePublished": "2026-06-10T09:10:30.301Z",
        "dateReserved": "2026-06-10T08:25:48.992Z",
        "dateUpdated": "2026-06-10T18:50:09.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11852 (GCVE-0-2026-11852)

    Vulnerability from nvd – Published: 2026-06-10 09:10 – Updated: 2026-06-10 18:51
    VLAI
    Summary
    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Debian debusine Affected: 0.2.0 , < 0.14.6 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:51:52.457963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:51:58.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "debusine",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.14.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."
                }
              ],
              "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T09:12:30.625Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-11852",
        "datePublished": "2026-06-10T09:10:21.401Z",
        "dateReserved": "2026-06-10T08:25:35.480Z",
        "dateUpdated": "2026-06-10T18:51:58.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49975 (GCVE-0-2026-49975)

    Vulnerability from nvd – Published: 2026-06-08 15:26 – Updated: 2026-07-10 12:05
    VLAI
    Title
    Apache HTTP Server: mod_http2 denial of service
    Summary
    Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache HTTP Server Affected: 2.4.17 , ≤ 2.4.67 (semver)
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services on RHEL 7 Server     cpe:/a:redhat:jboss_core_services:1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services on RHEL 8     cpe:/a:redhat:jboss_core_services:1::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services 2.4.62.SP4     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 2.6     cpe:/a:redhat:service_mesh:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Web Server 5     cpe:/a:redhat:jboss_enterprise_web_server:5
    Create a notification for this product.
    Credits
    Quang Luong of Calif.IO in collaboration with OpenAI Codex
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-08T22:32:35.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/03/3"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/08/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49975",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T10:27:36.270403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T10:29:04.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/EQSTLab/CVE-2026-49975"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Core Services on RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Core Services on RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Core Services 2.4.62.SP4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:5"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Web Server 5",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-03T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-409",
                    "description": "Improper Handling of Highly Compressed Data (Data Amplification)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:19.027Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-49975"
              },
              {
                "name": "RHBZ#2485371",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49975.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27200"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25090"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36846"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36831"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36373"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25057"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27114"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27200: Red Hat JBoss Core Services on RHEL 7 Server, Red Hat JBoss Core Services on RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25225: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25090: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36846: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36831: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36373: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25057: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25042: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27201: Red Hat JBoss Core Services 2.4.62.SP4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27114: Red Hat OpenShift Service Mesh 2.6"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-05T06:04:44.009Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-03T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache HTTP Server",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.67",
                  "status": "affected",
                  "version": "2.4.17",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Quang Luong of Calif.IO in collaboration with OpenAI Codex"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\n\nThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:26:04.674Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-26T12:00:00.000Z",
              "value": "reported"
            },
            {
              "lang": "en",
              "time": "2026-05-27T12:00:00.000Z",
              "value": "fixed upstream in mod_h2 https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c"
            },
            {
              "lang": "en",
              "time": "2026-06-02T12:00:00.000Z",
              "value": "fixed in 2.4.x by r1934882"
            },
            {
              "lang": "eng",
              "time": "2026-06-08T12:00:00.000Z",
              "value": "2.4.68 released"
            }
          ],
          "title": "Apache HTTP Server: mod_http2 denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2026-49975",
        "datePublished": "2026-06-08T15:26:04.674Z",
        "dateReserved": "2026-06-02T17:20:37.983Z",
        "dateUpdated": "2026-07-10T12:05:19.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-46333 (GCVE-0-2026-46333)

    Vulnerability from nvd – Published: 2026-05-15 12:58 – Updated: 2026-07-01 12:05
    VLAI
    Title
    ptrace: slightly saner 'get_dumpable()' logic
    Summary
    In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/93d4ba49d18e3d7fb…
    https://git.kernel.org/stable/c/15b828a46f305ae9f…
    https://git.kernel.org/stable/c/4709234fd1b95136c…
    https://git.kernel.org/stable/c/8f907d345bae8f4b3…
    https://git.kernel.org/stable/c/6e5b51e74a40d377b…
    https://git.kernel.org/stable/c/2a93a4fac7b6051d3…
    https://git.kernel.org/stable/c/01363cb3fbd0238ff…
    https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3…
    http://www.openwall.com/lists/oss-security/2026/05/15/9
    https://lists.debian.org/debian-lts-announce/2026…
    https://lists.debian.org/debian-lts-announce/2026…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ exploit
    https://access.redhat.com/security/cve/CVE-2026-46333 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2477802 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:19540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21701 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21702 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20299 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19705 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20593 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20054 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20129 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19666 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23470 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20130 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19521 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23471 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23469 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24814 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19664 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19875 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 15b828a46f305ae9f05a7c16914b3ce273474205 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 4709234fd1b95136ceb789f639b1e7ea5de1b181 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 8f907d345bae8f4b3f004c5abc56bf2dfb851ea7 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 2a93a4fac7b6051d3be7cd1b015fe7320cd0404d (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 01363cb3fbd0238ffdeb09f53e9039c9edf8a730 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a (git)
    Affected: d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12 (git)
    Affected: 03eed7afbc09e061f66b448daf7863174c3dc3f3 (git)
    Affected: e45692fa1aea06676449b63ef3c2b6e1e72b7578 (git)
    Affected: 694a95fa6dae4991f16cda333d897ea063021fed (git)
    Affected: 3.16.52 , < 3.17 (semver)
    Affected: 4.4.40 , < 4.5 (semver)
    Affected: 4.8.16 , < 4.9 (semver)
    Affected: 4.9.1 , < 4.10 (semver)
    Create a notification for this product.
    Linux Linux Affected: 4.10
    Unaffected: 0 , < 4.10 (semver)
    Unaffected: 5.10.256 , ≤ 5.10.* (semver)
    Unaffected: 5.15.207 , ≤ 5.15.* (semver)
    Unaffected: 6.1.173 , ≤ 6.1.* (semver)
    Unaffected: 6.6.139 , ≤ 6.6.* (semver)
    Unaffected: 6.12.89 , ≤ 6.12.* (semver)
    Unaffected: 6.18.31 , ≤ 6.18.* (semver)
    Unaffected: 7.0.8 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el8
        cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.4)     cpe:/o:redhat:rhel_e4s:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-20T18:47:13.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/15/9"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-46333",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T03:55:24.391Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el8",
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-15T05:55:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully terminates. Successful exploitation may lead to the disclosure of sensitive data such as SSH host private keys or /etc/shadow contents."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:06.860Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-46333"
              },
              {
                "name": "RHBZ#2477802",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477802"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46333.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19540"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21701"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21702"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20299"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19569"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19705"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20593"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20054"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20129"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19568"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19666"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23470"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20130"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20051"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19521"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23471"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23469"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24814"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19664"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19875"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:19540: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21701: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21702: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20299: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19705: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20593: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20054: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20129: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19666: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23470: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20130: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20051: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19521: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23471: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23469: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24814: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23468: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19664: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19711: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19875: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-15T08:27:21.590Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-15T05:55:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: Read root-owned files as an unprivileged user",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "include/linux/sched.h",
                "kernel/exit.c",
                "kernel/ptrace.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "15b828a46f305ae9f05a7c16914b3ce273474205",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "4709234fd1b95136ceb789f639b1e7ea5de1b181",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "8f907d345bae8f4b3f004c5abc56bf2dfb851ea7",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "2a93a4fac7b6051d3be7cd1b015fe7320cd0404d",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "01363cb3fbd0238ffdeb09f53e9039c9edf8a730",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "03eed7afbc09e061f66b448daf7863174c3dc3f3",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "e45692fa1aea06676449b63ef3c2b6e1e72b7578",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "694a95fa6dae4991f16cda333d897ea063021fed",
                  "versionType": "git"
                },
                {
                  "lessThan": "3.17",
                  "status": "affected",
                  "version": "3.16.52",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.5",
                  "status": "affected",
                  "version": "4.4.40",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9",
                  "status": "affected",
                  "version": "4.8.16",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.10",
                  "status": "affected",
                  "version": "4.9.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "include/linux/sched.h",
                "kernel/exit.c",
                "kernel/ptrace.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "lessThan": "4.10",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.256",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.207",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.173",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.139",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.89",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.31",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.256",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.207",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.173",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.139",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.89",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.31",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.8",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.16.52",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.4.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.8.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.9.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS).  Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-14T18:09:28.322Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6"
            },
            {
              "url": "https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205"
            },
            {
              "url": "https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181"
            },
            {
              "url": "https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7"
            },
            {
              "url": "https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d"
            },
            {
              "url": "https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d"
            },
            {
              "url": "https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730"
            },
            {
              "url": "https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a"
            }
          ],
          "title": "ptrace: slightly saner \u0027get_dumpable()\u0027 logic",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-46333",
        "datePublished": "2026-05-15T12:58:44.599Z",
        "dateReserved": "2026-05-13T15:03:33.113Z",
        "dateUpdated": "2026-07-01T12:05:06.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from nvd – Published: 2026-04-22 08:15 – Updated: 2026-07-01 12:05
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:08.344Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-07-01T12:05:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41082 (GCVE-0-2026-41082)

    Vulnerability from nvd – Published: 2026-04-16 17:32 – Updated: 2026-07-08 12:05
    VLAI
    Summary
    In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-24 - Path Traversal: '../filedir'
    Assigner
    Impacted products
    Vendor Product Version
    OCaml opam Affected: 0 , < 2.5.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41082",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T16:10:19.452755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T16:10:25.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://osv.dev/vulnerability/OSEC-2026-03"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-21T09:32:52.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-16T17:32:40.068Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in OCaml opam. A malicious package containing a crafted .install field with directory traversal sequences allows an attacker to write files to arbitrary locations, potentially overwriting system files and causing arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-24",
                    "description": "Path Traversal: \u0027../filedir\u0027",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:05:53.163Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-41082"
              },
              {
                "name": "RHBZ#2459003",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459003"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41082.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-16T18:00:56.999Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-16T17:32:40.068Z",
                "value": "Made public."
              }
            ],
            "title": "ocaml-opam: path traversal via the .install field",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, do not install packages from untrusted sources and manually inspect the .install field in the package source to make sure it does not contain malicious paths."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:opam/opam-format",
              "product": "opam",
              "vendor": "OCaml",
              "versions": [
                {
                  "lessThan": "2.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-24",
                  "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T18:52:20.182Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ocaml/opam/releases/tag/2.5.1"
            },
            {
              "url": "https://github.com/ocaml/opam/pull/6897"
            },
            {
              "url": "https://osv.dev/vulnerability/OSEC-2026-03"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-41082",
        "datePublished": "2026-04-16T17:32:40.068Z",
        "dateReserved": "2026-04-16T17:32:39.584Z",
        "dateUpdated": "2026-07-08T12:05:53.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14355 (GCVE-0-2026-14355)

    Vulnerability from cvelistv5 – Published: 2026-07-03 20:57 – Updated: 2026-07-06 13:57
    VLAI
    Title
    ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD
    Summary
    In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    php
    Impacted products
    Vendor Product Version
    php php Affected: 8.2.0 , < 8.2.32 (semver)
    Affected: 8.3.0 , < 8.3.32 (semver)
    Affected: 8.4.0 , < 8.4.23 (semver)
    Affected: 8.5.0 , < 8.5.8 (semver)
    Create a notification for this product.
    Credits
    Oleg Baturin David CARLIER
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-04T15:25:16.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/07/msg00010.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14355",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:57:51.767008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:57:58.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.php.net/",
              "defaultStatus": "affected",
              "modules": [
                "ext/openssl"
              ],
              "packageName": "openssl",
              "product": "php",
              "vendor": "php",
              "versions": [
                {
                  "lessThan": "8.2.32",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.3.32",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.4.23",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.5.8",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Oleg Baturin"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "David CARLIER"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort.\u003c/p\u003e"
                }
              ],
              "value": "In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T20:59:02.604Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "name": "GitHub Security Advisory GHSA-7jrw-539f-x6vr",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr"
            }
          ],
          "source": {
            "advisory": "GHSA-7jrw-539f-x6vr",
            "defenseOmission": false,
            "discovery": "EXTERNAL"
          },
          "title": "ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2026-14355",
        "datePublished": "2026-07-03T20:57:31.958Z",
        "dateReserved": "2026-07-01T17:52:41.706Z",
        "dateUpdated": "2026-07-06T13:57:58.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56968 (GCVE-0-2026-56968)

    Vulnerability from cvelistv5 – Published: 2026-06-23 16:18 – Updated: 2026-06-23 17:31
    VLAI
    Summary
    GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-839 - Numeric Range Comparison Without Minimum Check
    Assigner
    Impacted products
    Vendor Product Version
    GNU GNU SASL Affected: 0 , < 2.2.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:31:41.785915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:31:49.772Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GNU SASL",
              "vendor": "GNU",
              "versions": [
                {
                  "lessThan": "2.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnu:gnu_sasl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.4",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-839",
                  "description": "CWE-839 Numeric Range Comparison Without Minimum Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T16:18:29.150Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html"
            },
            {
              "url": "https://lists.debian.org/debian-security-announce/2026/msg00259.html"
            },
            {
              "url": "https://ftp.gnu.org/gnu/gsasl/"
            },
            {
              "url": "https://www.gnu.org/software/gsasl/"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-56968",
        "datePublished": "2026-06-23T16:18:29.150Z",
        "dateReserved": "2026-06-23T16:18:28.745Z",
        "dateUpdated": "2026-06-23T17:31:49.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11853 (GCVE-0-2026-11853)

    Vulnerability from cvelistv5 – Published: 2026-06-10 09:10 – Updated: 2026-06-10 18:50
    VLAI
    Summary
    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Debian debusine Affected: 0.12.0 , < 0.14.9 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11853",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:49:26.303190Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:50:09.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "debusine",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.14.9",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.14.9",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to."
                }
              ],
              "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T09:12:23.194Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1484"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-11853",
        "datePublished": "2026-06-10T09:10:30.301Z",
        "dateReserved": "2026-06-10T08:25:48.992Z",
        "dateUpdated": "2026-06-10T18:50:09.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11852 (GCVE-0-2026-11852)

    Vulnerability from cvelistv5 – Published: 2026-06-10 09:10 – Updated: 2026-06-10 18:51
    VLAI
    Summary
    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Debian debusine Affected: 0.2.0 , < 0.14.6 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:51:52.457963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:51:58.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "debusine",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.14.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."
                }
              ],
              "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T09:12:30.625Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-11852",
        "datePublished": "2026-06-10T09:10:21.401Z",
        "dateReserved": "2026-06-10T08:25:35.480Z",
        "dateUpdated": "2026-06-10T18:51:58.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49975 (GCVE-0-2026-49975)

    Vulnerability from cvelistv5 – Published: 2026-06-08 15:26 – Updated: 2026-07-10 12:05
    VLAI
    Title
    Apache HTTP Server: mod_http2 denial of service
    Summary
    Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache HTTP Server Affected: 2.4.17 , ≤ 2.4.67 (semver)
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services on RHEL 7 Server     cpe:/a:redhat:jboss_core_services:1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services on RHEL 8     cpe:/a:redhat:jboss_core_services:1::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services 2.4.62.SP4     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 2.6     cpe:/a:redhat:service_mesh:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Web Server 5     cpe:/a:redhat:jboss_enterprise_web_server:5
    Create a notification for this product.
    Credits
    Quang Luong of Calif.IO in collaboration with OpenAI Codex
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-08T22:32:35.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/03/3"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/08/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49975",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T10:27:36.270403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T10:29:04.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/EQSTLab/CVE-2026-49975"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Core Services on RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Core Services on RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Core Services 2.4.62.SP4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:5"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Web Server 5",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-03T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-409",
                    "description": "Improper Handling of Highly Compressed Data (Data Amplification)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:19.027Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-49975"
              },
              {
                "name": "RHBZ#2485371",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49975.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27200"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25090"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36846"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36831"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36373"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25057"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27114"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27200: Red Hat JBoss Core Services on RHEL 7 Server, Red Hat JBoss Core Services on RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25225: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25090: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36846: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36831: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36373: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25057: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25042: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27201: Red Hat JBoss Core Services 2.4.62.SP4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27114: Red Hat OpenShift Service Mesh 2.6"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-05T06:04:44.009Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-03T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache HTTP Server",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.67",
                  "status": "affected",
                  "version": "2.4.17",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Quang Luong of Calif.IO in collaboration with OpenAI Codex"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\n\nThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:26:04.674Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-26T12:00:00.000Z",
              "value": "reported"
            },
            {
              "lang": "en",
              "time": "2026-05-27T12:00:00.000Z",
              "value": "fixed upstream in mod_h2 https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c"
            },
            {
              "lang": "en",
              "time": "2026-06-02T12:00:00.000Z",
              "value": "fixed in 2.4.x by r1934882"
            },
            {
              "lang": "eng",
              "time": "2026-06-08T12:00:00.000Z",
              "value": "2.4.68 released"
            }
          ],
          "title": "Apache HTTP Server: mod_http2 denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2026-49975",
        "datePublished": "2026-06-08T15:26:04.674Z",
        "dateReserved": "2026-06-02T17:20:37.983Z",
        "dateUpdated": "2026-07-10T12:05:19.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-46333 (GCVE-0-2026-46333)

    Vulnerability from cvelistv5 – Published: 2026-05-15 12:58 – Updated: 2026-07-01 12:05
    VLAI
    Title
    ptrace: slightly saner 'get_dumpable()' logic
    Summary
    In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/93d4ba49d18e3d7fb…
    https://git.kernel.org/stable/c/15b828a46f305ae9f…
    https://git.kernel.org/stable/c/4709234fd1b95136c…
    https://git.kernel.org/stable/c/8f907d345bae8f4b3…
    https://git.kernel.org/stable/c/6e5b51e74a40d377b…
    https://git.kernel.org/stable/c/2a93a4fac7b6051d3…
    https://git.kernel.org/stable/c/01363cb3fbd0238ff…
    https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3…
    http://www.openwall.com/lists/oss-security/2026/05/15/9
    https://lists.debian.org/debian-lts-announce/2026…
    https://lists.debian.org/debian-lts-announce/2026…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ exploit
    https://access.redhat.com/security/cve/CVE-2026-46333 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2477802 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:19540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21701 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21702 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20299 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19705 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20593 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20054 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20129 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19666 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23470 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20130 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20051 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19521 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23471 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23469 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24814 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19664 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19711 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19875 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 15b828a46f305ae9f05a7c16914b3ce273474205 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 4709234fd1b95136ceb789f639b1e7ea5de1b181 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 8f907d345bae8f4b3f004c5abc56bf2dfb851ea7 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 2a93a4fac7b6051d3be7cd1b015fe7320cd0404d (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 01363cb3fbd0238ffdeb09f53e9039c9edf8a730 (git)
    Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a (git)
    Affected: d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12 (git)
    Affected: 03eed7afbc09e061f66b448daf7863174c3dc3f3 (git)
    Affected: e45692fa1aea06676449b63ef3c2b6e1e72b7578 (git)
    Affected: 694a95fa6dae4991f16cda333d897ea063021fed (git)
    Affected: 3.16.52 , < 3.17 (semver)
    Affected: 4.4.40 , < 4.5 (semver)
    Affected: 4.8.16 , < 4.9 (semver)
    Affected: 4.9.1 , < 4.10 (semver)
    Create a notification for this product.
    Linux Linux Affected: 4.10
    Unaffected: 0 , < 4.10 (semver)
    Unaffected: 5.10.256 , ≤ 5.10.* (semver)
    Unaffected: 5.15.207 , ≤ 5.15.* (semver)
    Unaffected: 6.1.173 , ≤ 6.1.* (semver)
    Unaffected: 6.6.139 , ≤ 6.6.* (semver)
    Unaffected: 6.12.89 , ≤ 6.12.* (semver)
    Unaffected: 6.18.31 , ≤ 6.18.* (semver)
    Unaffected: 7.0.8 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el8
        cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.4)     cpe:/o:redhat:rhel_e4s:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-20T18:47:13.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/15/9"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-46333",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T03:55:24.391Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el8",
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-15T05:55:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully terminates. Successful exploitation may lead to the disclosure of sensitive data such as SSH host private keys or /etc/shadow contents."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:06.860Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-46333"
              },
              {
                "name": "RHBZ#2477802",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477802"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46333.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19540"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21701"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21702"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20299"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19569"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19705"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20593"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20054"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20129"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19568"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19666"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23470"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20130"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20051"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19521"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23471"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23469"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24814"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19664"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19711"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19875"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:19540: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21701: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21702: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20299: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19705: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20593: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20054: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20129: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19666: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23470: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20130: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20051: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19521: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23471: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23469: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24814: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23468: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19664: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19711: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19875: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-15T08:27:21.590Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-15T05:55:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: Read root-owned files as an unprivileged user",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "include/linux/sched.h",
                "kernel/exit.c",
                "kernel/ptrace.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "15b828a46f305ae9f05a7c16914b3ce273474205",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "4709234fd1b95136ceb789f639b1e7ea5de1b181",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "8f907d345bae8f4b3f004c5abc56bf2dfb851ea7",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "2a93a4fac7b6051d3be7cd1b015fe7320cd0404d",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "01363cb3fbd0238ffdeb09f53e9039c9edf8a730",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "lessThan": "31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a",
                  "status": "affected",
                  "version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "03eed7afbc09e061f66b448daf7863174c3dc3f3",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "e45692fa1aea06676449b63ef3c2b6e1e72b7578",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "694a95fa6dae4991f16cda333d897ea063021fed",
                  "versionType": "git"
                },
                {
                  "lessThan": "3.17",
                  "status": "affected",
                  "version": "3.16.52",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.5",
                  "status": "affected",
                  "version": "4.4.40",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9",
                  "status": "affected",
                  "version": "4.8.16",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.10",
                  "status": "affected",
                  "version": "4.9.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "include/linux/sched.h",
                "kernel/exit.c",
                "kernel/ptrace.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "lessThan": "4.10",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.256",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.207",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.173",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.139",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.89",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.31",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.256",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.207",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.173",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.139",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.89",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.31",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.8",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.16.52",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.4.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.8.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.9.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS).  Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-14T18:09:28.322Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6"
            },
            {
              "url": "https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205"
            },
            {
              "url": "https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181"
            },
            {
              "url": "https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7"
            },
            {
              "url": "https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d"
            },
            {
              "url": "https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d"
            },
            {
              "url": "https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730"
            },
            {
              "url": "https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a"
            }
          ],
          "title": "ptrace: slightly saner \u0027get_dumpable()\u0027 logic",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-46333",
        "datePublished": "2026-05-15T12:58:44.599Z",
        "dateReserved": "2026-05-13T15:03:33.113Z",
        "dateUpdated": "2026-07-01T12:05:06.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-07-01 12:05
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:08.344Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-07-01T12:05:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41082 (GCVE-0-2026-41082)

    Vulnerability from cvelistv5 – Published: 2026-04-16 17:32 – Updated: 2026-07-08 12:05
    VLAI
    Summary
    In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-24 - Path Traversal: '../filedir'
    Assigner
    Impacted products
    Vendor Product Version
    OCaml opam Affected: 0 , < 2.5.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41082",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T16:10:19.452755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T16:10:25.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://osv.dev/vulnerability/OSEC-2026-03"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-21T09:32:52.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-16T17:32:40.068Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in OCaml opam. A malicious package containing a crafted .install field with directory traversal sequences allows an attacker to write files to arbitrary locations, potentially overwriting system files and causing arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-24",
                    "description": "Path Traversal: \u0027../filedir\u0027",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:05:53.163Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-41082"
              },
              {
                "name": "RHBZ#2459003",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459003"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41082.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-16T18:00:56.999Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-16T17:32:40.068Z",
                "value": "Made public."
              }
            ],
            "title": "ocaml-opam: path traversal via the .install field",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, do not install packages from untrusted sources and manually inspect the .install field in the package source to make sure it does not contain malicious paths."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:opam/opam-format",
              "product": "opam",
              "vendor": "OCaml",
              "versions": [
                {
                  "lessThan": "2.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-24",
                  "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T18:52:20.182Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ocaml/opam/releases/tag/2.5.1"
            },
            {
              "url": "https://github.com/ocaml/opam/pull/6897"
            },
            {
              "url": "https://osv.dev/vulnerability/OSEC-2026-03"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-41082",
        "datePublished": "2026-04-16T17:32:40.068Z",
        "dateReserved": "2026-04-16T17:32:39.584Z",
        "dateUpdated": "2026-07-08T12:05:53.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201402-0028

    Vulnerability from variot - Updated: 2026-04-10 23:54

    The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the 'process_rs' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011

    radvd vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.10
    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS

    Summary:

    radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.

    Software Description: - radvd: Router Advertisement Daemon

    Details:

    Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)

    Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602)

    Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604)

    Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. (CVE-2011-3605)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1

    Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1

    Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1

    Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1

    In general, a standard system update will make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605

    Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1

    . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08


                                            http://security.gentoo.org/
    

    Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08


    Synopsis

    Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service.

    Background

    radvd is an IPv6 router advertisement daemon for Linux and BSD.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/radvd < 1.8.2 >= 1.8.2

    Description

    Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All radvd users should upgrade to the latest stable version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"

    References

    [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201111-08.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

    Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

    Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/


    TITLE: Debian update for radvd

    SECUNIA ADVISORY ID: SA46639

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46639/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46639

    RELEASE DATE: 2011-10-31

    DISCUSS ADVISORY: http://secunia.com/advisories/46639/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/46639/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=46639

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Debian has issued an update for radvd. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

    For more information: SA46200

    SOLUTION: Apply updated packages via the apt-get package manager.

    ORIGINAL ADVISORY: DSA-2323-1: http://www.debian.org/security/2011/dsa-2323

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq


    Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614

    Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon:

    CVE-2011-3602

    set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user.

    CVE-2011-3604

    process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon.

    CVE-2011-3605

    process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode.

    For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1.

    For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1.

    For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2.

    For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2.

    We recommend that you upgrade your radvd packages.

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

    iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "litech design",
            "version": "1.8.2"
          },
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "radvd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "radvd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "litech",
            "version": "1.8.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3605"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:litech:router_advertisement_daemon",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Vasiliy Kulikov",
        "sources": [
          {
            "db": "BID",
            "id": "50395"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-3605",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-3605",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-51550",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-3605",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-3605",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201402-222",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-51550",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51550"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3605"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. radvd is prone to the follow security vulnerabilities:\n1. Multiple local privilege-escalation vulnerability. \n2. A local arbitrary file-overwrite vulnerability. \n3. Multiple remote denial-of-service vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. An input validation vulnerability exists in the \u0027process_rs\u0027 function in radvd 1.8.1 and earlier. ==========================================================================\nUbuntu Security Notice USN-1257-1\nNovember 10, 2011\n\nradvd vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nradvd could be made to crash or overwrite certain files if it received\nspecially crafted network traffic. \n\nSoftware Description:\n- radvd: Router Advertisement Daemon\n\nDetails:\n\nVasiliy Kulikov discovered that radvd incorrectly parsed the\nND_OPT_DNSSL_INFORMATION option. The default compiler options for affected\nreleases should reduce the vulnerability to a denial of service. This issue\nonly affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)\n\nVasiliy Kulikov discovered that radvd incorrectly filtered interface names\nwhen creating certain files. \n(CVE-2011-3602)\n\nVasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604)\n\nVasiliy Kulikov discovered that radvd incorrectly handled delays when used\nin unicast mode, which is not the default in Ubuntu. (CVE-2011-3605)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  radvd                           1:1.8-1ubuntu0.1\n\nUbuntu 11.04:\n  radvd                           1:1.7-1ubuntu0.1\n\nUbuntu 10.10:\n  radvd                           1:1.6-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n  radvd                           1:1.3-1.1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1257-1\n  CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201111-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: radvd: Multiple vulnerabilities\n     Date: November 20, 2011\n     Bugs: #385967\n       ID: 201111-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in radvd which could\npotentially lead to privilege escalation, data loss, or a Denial of\nService. \n\nBackground\n==========\n\nradvd is an IPv6 router advertisement daemon for Linux and BSD. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/radvd               \u003c 1.8.2                    \u003e= 1.8.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in radvd. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll radvd users should upgrade to the latest stable version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/radvd-1.8.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3601\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601\n[ 2 ] CVE-2011-3602\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602\n[ 3 ] CVE-2011-3603\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603\n[ 4 ] CVE-2011-3604\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604\n[ 5 ] CVE-2011-3605\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for radvd\n\nSECUNIA ADVISORY ID:\nSA46639\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46639/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46639\n\nRELEASE DATE:\n2011-10-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46639/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46639/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46639\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for radvd. This fixes a security issue\nand multiple vulnerabilities, which can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nFor more information:\nSA46200\n\nSOLUTION:\nApply updated packages via the apt-get package manager. \n\nORIGINAL ADVISORY:\nDSA-2323-1:\nhttp://www.debian.org/security/2011/dsa-2323\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2323-1                   security@debian.org\nhttp://www.debian.org/security/                         Yves-Alexis Perez\nOctober 26, 2011                       http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : radvd\nVulnerability  : several\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605\nDebian Bug     : 644614\n\nMultiple security issues were discovered by Vasiliy Kulikov in radvd, an \nIPv6 Router Advertisement daemon:\n\nCVE-2011-3602\n\n   set_interface_var() function doesn\u0027t check the interface name, which is\n   chosen by an unprivileged user. \n\nCVE-2011-3604\n\n   process_ra() function lacks multiple buffer length checks which could\n   lead to memory reads outside the stack, causing a crash of the daemon. \n\nCVE-2011-3605\n\n   process_rs() function calls mdelay() (a function to wait for a defined\n   time) unconditionnally when running in unicast-only mode. As this call\n   is in the main thread, that means all request processing is delayed (for\n   a time up to MAX_RA_DELAY_TIME, 500 ms by default). \n   Note: upstream and Debian default is to use anycast mode. \n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1:1.1-3.1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6-1.1. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1:1.8-1.2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8-1.2. \n\nWe recommend that you upgrade your radvd packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/\noEYAniJXFaff25pMtXzM6Ovu8zslZm7H\n=VfHu\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3605"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "VULHUB",
            "id": "VHN-51550"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "PACKETSTORM",
            "id": "106446"
          },
          {
            "db": "PACKETSTORM",
            "id": "106356"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-3605",
            "trust": 3.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2011/10/06/3",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "46639",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "46884",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46825",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46270",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46883",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46626",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46930",
            "trust": 0.6
          },
          {
            "db": "UBUNTU",
            "id": "USN-1257-1",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[OSS-SECURITY] 20111007 RADVD 1.8.2 RELEASED WITH SECURITY FIXES",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-2323",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "50395",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-51550",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106846",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "107166",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106446",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106356",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51550"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "PACKETSTORM",
            "id": "106446"
          },
          {
            "db": "PACKETSTORM",
            "id": "106356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3605"
          }
        ]
      },
      "id": "VAR-201402-0028",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51550"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:54:21.837000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "CHANGES",
            "trust": 0.8,
            "url": "http://www.litech.org/radvd/CHANGES"
          },
          {
            "title": "radvd-1.8.2",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48103"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3605"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.debian.org/security/2011/dsa-2323"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-1257-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2011/10/06/3"
          },
          {
            "trust": 1.7,
            "url": "http://www.litech.org/radvd/changes"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3605"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3605"
          },
          {
            "trust": 0.6,
            "url": "http://www.litech.org/radvd/"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46270"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46626"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46639"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46825"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46883"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46884"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46930"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3604"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3602"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3605"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3601"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3605"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3602"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201111-08.xml"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3603"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3601"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3603"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3604"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46639"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46639/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46639/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51550"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "PACKETSTORM",
            "id": "106446"
          },
          {
            "db": "PACKETSTORM",
            "id": "106356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3605"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-51550",
            "ident": null
          },
          {
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106846",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "107166",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106446",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106356",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3605",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-02-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-51550",
            "ident": null
          },
          {
            "date": "2011-10-27T00:00:00",
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "date": "2011-11-11T03:09:09",
            "db": "PACKETSTORM",
            "id": "106846",
            "ident": null
          },
          {
            "date": "2011-11-21T01:10:29",
            "db": "PACKETSTORM",
            "id": "107166",
            "ident": null
          },
          {
            "date": "2011-10-31T03:45:06",
            "db": "PACKETSTORM",
            "id": "106446",
            "ident": null
          },
          {
            "date": "2011-10-28T21:47:49",
            "db": "PACKETSTORM",
            "id": "106356",
            "ident": null
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-222",
            "ident": null
          },
          {
            "date": "2014-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005289",
            "ident": null
          },
          {
            "date": "2014-02-17T16:55:07.100000",
            "db": "NVD",
            "id": "CVE-2011-3605",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-02-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-51550",
            "ident": null
          },
          {
            "date": "2015-05-07T17:12:00",
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-222",
            "ident": null
          },
          {
            "date": "2014-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005289",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-3605",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "router advertisement daemon of  process_rs Service disruption in functions  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005289"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-222"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201402-0027

    Vulnerability from variot - Updated: 2026-04-10 23:54

    The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011

    radvd vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.10
    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS

    Summary:

    radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.

    Software Description: - radvd: Router Advertisement Daemon

    Details:

    Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)

    Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602)

    Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604)

    Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1

    Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1

    Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1

    Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1

    In general, a standard system update will make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605

    Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1

    . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08


                                            http://security.gentoo.org/
    

    Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08


    Synopsis

    Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service.

    Background

    radvd is an IPv6 router advertisement daemon for Linux and BSD.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/radvd < 1.8.2 >= 1.8.2

    Description

    Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All radvd users should upgrade to the latest stable version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"

    References

    [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201111-08.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

    Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

    Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/


    TITLE: Debian update for radvd

    SECUNIA ADVISORY ID: SA46639

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46639/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46639

    RELEASE DATE: 2011-10-31

    DISCUSS ADVISORY: http://secunia.com/advisories/46639/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/46639/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=46639

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Debian has issued an update for radvd. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

    For more information: SA46200

    SOLUTION: Apply updated packages via the apt-get package manager.

    ORIGINAL ADVISORY: DSA-2323-1: http://www.debian.org/security/2011/dsa-2323

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq


    Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614

    Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon:

    CVE-2011-3602

    set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user.

    CVE-2011-3604

    process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon.

    CVE-2011-3605

    process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). Note: upstream and Debian default is to use anycast mode.

    For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1.

    For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1.

    For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2.

    For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2.

    We recommend that you upgrade your radvd packages.

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

    iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "litech design",
            "version": "1.8.2"
          },
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "radvd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "radvd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "litech",
            "version": "1.8.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3604"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:litech:router_advertisement_daemon",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Vasiliy Kulikov",
        "sources": [
          {
            "db": "BID",
            "id": "50395"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-3604",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-3604",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-51549",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-3604",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-3604",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201402-221",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-51549",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3604"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. radvd is prone to the follow security vulnerabilities:\n1. Multiple local privilege-escalation vulnerability. \n2. A local arbitrary file-overwrite vulnerability. \n3. Multiple remote denial-of-service vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A security vulnerability exists in the \u0027process_ra\u0027 function in radvd 1.8.1 and earlier. ==========================================================================\nUbuntu Security Notice USN-1257-1\nNovember 10, 2011\n\nradvd vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nradvd could be made to crash or overwrite certain files if it received\nspecially crafted network traffic. \n\nSoftware Description:\n- radvd: Router Advertisement Daemon\n\nDetails:\n\nVasiliy Kulikov discovered that radvd incorrectly parsed the\nND_OPT_DNSSL_INFORMATION option. The default compiler options for affected\nreleases should reduce the vulnerability to a denial of service. This issue\nonly affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)\n\nVasiliy Kulikov discovered that radvd incorrectly filtered interface names\nwhen creating certain files. \n(CVE-2011-3602)\n\nVasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604)\n\nVasiliy Kulikov discovered that radvd incorrectly handled delays when used\nin unicast mode, which is not the default in Ubuntu. If used in unicast\nmode, a remote attacker could cause radvd outages, resulting in a denial of\nservice. (CVE-2011-3605)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  radvd                           1:1.8-1ubuntu0.1\n\nUbuntu 11.04:\n  radvd                           1:1.7-1ubuntu0.1\n\nUbuntu 10.10:\n  radvd                           1:1.6-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n  radvd                           1:1.3-1.1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1257-1\n  CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201111-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: radvd: Multiple vulnerabilities\n     Date: November 20, 2011\n     Bugs: #385967\n       ID: 201111-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in radvd which could\npotentially lead to privilege escalation, data loss, or a Denial of\nService. \n\nBackground\n==========\n\nradvd is an IPv6 router advertisement daemon for Linux and BSD. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/radvd               \u003c 1.8.2                    \u003e= 1.8.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in radvd. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll radvd users should upgrade to the latest stable version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/radvd-1.8.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3601\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601\n[ 2 ] CVE-2011-3602\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602\n[ 3 ] CVE-2011-3603\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603\n[ 4 ] CVE-2011-3604\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604\n[ 5 ] CVE-2011-3605\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for radvd\n\nSECUNIA ADVISORY ID:\nSA46639\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46639/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46639\n\nRELEASE DATE:\n2011-10-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46639/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46639/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46639\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for radvd. This fixes a security issue\nand multiple vulnerabilities, which can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nFor more information:\nSA46200\n\nSOLUTION:\nApply updated packages via the apt-get package manager. \n\nORIGINAL ADVISORY:\nDSA-2323-1:\nhttp://www.debian.org/security/2011/dsa-2323\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2323-1                   security@debian.org\nhttp://www.debian.org/security/                         Yves-Alexis Perez\nOctober 26, 2011                       http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : radvd\nVulnerability  : several\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605\nDebian Bug     : 644614\n\nMultiple security issues were discovered by Vasiliy Kulikov in radvd, an \nIPv6 Router Advertisement daemon:\n\nCVE-2011-3602\n\n   set_interface_var() function doesn\u0027t check the interface name, which is\n   chosen by an unprivileged user. \n\nCVE-2011-3604\n\n   process_ra() function lacks multiple buffer length checks which could\n   lead to memory reads outside the stack, causing a crash of the daemon. \n\nCVE-2011-3605\n\n   process_rs() function calls mdelay() (a function to wait for a defined\n   time) unconditionnally when running in unicast-only mode. As this call\n   is in the main thread, that means all request processing is delayed (for\n   a time up to MAX_RA_DELAY_TIME, 500 ms by default). \n   Note: upstream and Debian default is to use anycast mode. \n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1:1.1-3.1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6-1.1. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1:1.8-1.2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8-1.2. \n\nWe recommend that you upgrade your radvd packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/\noEYAniJXFaff25pMtXzM6Ovu8zslZm7H\n=VfHu\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3604"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "VULHUB",
            "id": "VHN-51549"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "PACKETSTORM",
            "id": "106446"
          },
          {
            "db": "PACKETSTORM",
            "id": "106356"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-3604",
            "trust": 3.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2011/10/06/3",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "46639",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "46884",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46825",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46270",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46883",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46626",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46930",
            "trust": 0.6
          },
          {
            "db": "UBUNTU",
            "id": "USN-1257-1",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[OSS-SECURITY] 20111007 RADVD 1.8.2 RELEASED WITH SECURITY FIXES",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-2323",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "50395",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-51549",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106846",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "107166",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106446",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106356",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51549"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "PACKETSTORM",
            "id": "106446"
          },
          {
            "db": "PACKETSTORM",
            "id": "106356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3604"
          }
        ]
      },
      "id": "VAR-201402-0027",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51549"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:54:21.783000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "CHANGES",
            "trust": 0.8,
            "url": "http://www.litech.org/radvd/CHANGES"
          },
          {
            "title": "radvd-1.8.2",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48103"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3604"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.debian.org/security/2011/dsa-2323"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-1257-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2011/10/06/3"
          },
          {
            "trust": 1.7,
            "url": "http://www.litech.org/radvd/changes"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3604"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3604"
          },
          {
            "trust": 0.6,
            "url": "http://www.litech.org/radvd/"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46270"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46626"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46639"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46825"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46883"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46884"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46930"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3604"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3602"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3605"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3601"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3605"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3602"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201111-08.xml"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3603"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3601"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3603"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3604"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46639"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46639/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46639/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51549"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "PACKETSTORM",
            "id": "106446"
          },
          {
            "db": "PACKETSTORM",
            "id": "106356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3604"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-51549",
            "ident": null
          },
          {
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106846",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "107166",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106446",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106356",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3604",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-02-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-51549",
            "ident": null
          },
          {
            "date": "2011-10-27T00:00:00",
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "date": "2011-11-11T03:09:09",
            "db": "PACKETSTORM",
            "id": "106846",
            "ident": null
          },
          {
            "date": "2011-11-21T01:10:29",
            "db": "PACKETSTORM",
            "id": "107166",
            "ident": null
          },
          {
            "date": "2011-10-31T03:45:06",
            "db": "PACKETSTORM",
            "id": "106446",
            "ident": null
          },
          {
            "date": "2011-10-28T21:47:49",
            "db": "PACKETSTORM",
            "id": "106356",
            "ident": null
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-221",
            "ident": null
          },
          {
            "date": "2014-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005288",
            "ident": null
          },
          {
            "date": "2014-02-17T16:55:07.070000",
            "db": "NVD",
            "id": "CVE-2011-3604",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-02-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-51549",
            "ident": null
          },
          {
            "date": "2015-05-07T17:12:00",
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-221",
            "ident": null
          },
          {
            "date": "2014-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005288",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-3604",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "router advertisement daemon of  process_ra Service disruption in functions  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005288"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-221"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201402-0026

    Vulnerability from variot - Updated: 2026-04-10 23:54

    Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A buffer overflow vulnerability exists in the 'process_ra' function in radvd 1.8.1 and earlier. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011

    radvd vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.10
    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS

    Summary:

    radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.

    Software Description: - radvd: Router Advertisement Daemon

    Details:

    Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)

    Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. (CVE-2011-3602)

    Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604)

    Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1

    Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1

    Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1

    Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1

    In general, a standard system update will make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605

    Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1

    . ----------------------------------------------------------------------

    Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

    Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/


    TITLE: Fedora update for radvd

    SECUNIA ADVISORY ID: SA46626

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46626

    RELEASE DATE: 2011-10-29

    DISCUSS ADVISORY: http://secunia.com/advisories/46626/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/46626/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=46626

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Fedora has issued an update for radvd.

    For more information: SA46200

    SOLUTION: Apply updated packages via the yum utility ("yum update radvd").

    ORIGINAL ADVISORY: FEDORA-2011-14000: http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068481.html

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08


                                            http://security.gentoo.org/
    

    Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08


    Synopsis

    Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service.

    Background

    radvd is an IPv6 router advertisement daemon for Linux and BSD.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/radvd < 1.8.2 >= 1.8.2

    Description

    Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All radvd users should upgrade to the latest stable version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"

    References

    [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201111-08.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "litech design",
            "version": "1.8.2"
          },
          {
            "_id": null,
            "model": "router advertisement daemon",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "radvd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "litech",
            "version": "1.8.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "radvd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "litech",
            "version": "1.8.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3601"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:litech:router_advertisement_daemon",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Vasiliy Kulikov",
        "sources": [
          {
            "db": "BID",
            "id": "50395"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-3601",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-3601",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-51546",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-3601",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-3601",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201402-220",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-51546",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3601"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value. radvd is prone to the follow security vulnerabilities:\n1. Multiple local privilege-escalation vulnerability. \n2. A local arbitrary file-overwrite vulnerability. \n3. Multiple remote denial-of-service vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. A buffer overflow vulnerability exists in the \u0027process_ra\u0027 function in radvd 1.8.1 and earlier. ==========================================================================\nUbuntu Security Notice USN-1257-1\nNovember 10, 2011\n\nradvd vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nradvd could be made to crash or overwrite certain files if it received\nspecially crafted network traffic. \n\nSoftware Description:\n- radvd: Router Advertisement Daemon\n\nDetails:\n\nVasiliy Kulikov discovered that radvd incorrectly parsed the\nND_OPT_DNSSL_INFORMATION option. The default compiler options for affected\nreleases should reduce the vulnerability to a denial of service. This issue\nonly affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)\n\nVasiliy Kulikov discovered that radvd incorrectly filtered interface names\nwhen creating certain files. \n(CVE-2011-3602)\n\nVasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604)\n\nVasiliy Kulikov discovered that radvd incorrectly handled delays when used\nin unicast mode, which is not the default in Ubuntu. If used in unicast\nmode, a remote attacker could cause radvd outages, resulting in a denial of\nservice. (CVE-2011-3605)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n  radvd                           1:1.8-1ubuntu0.1\n\nUbuntu 11.04:\n  radvd                           1:1.7-1ubuntu0.1\n\nUbuntu 10.10:\n  radvd                           1:1.6-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n  radvd                           1:1.3-1.1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1257-1\n  CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1\n\n\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nFedora update for radvd\n\nSECUNIA ADVISORY ID:\nSA46626\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46626/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46626\n\nRELEASE DATE:\n2011-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46626/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46626/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46626\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nFedora has issued an update for radvd. \n\nFor more information:\nSA46200\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update radvd\"). \n\nORIGINAL ADVISORY:\nFEDORA-2011-14000:\nhttp://lists.fedoraproject.org/pipermail/package-announce/2011-October/068481.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201111-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: radvd: Multiple vulnerabilities\n     Date: November 20, 2011\n     Bugs: #385967\n       ID: 201111-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in radvd which could\npotentially lead to privilege escalation, data loss, or a Denial of\nService. \n\nBackground\n==========\n\nradvd is an IPv6 router advertisement daemon for Linux and BSD. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/radvd               \u003c 1.8.2                    \u003e= 1.8.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in radvd. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll radvd users should upgrade to the latest stable version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/radvd-1.8.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3601\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601\n[ 2 ] CVE-2011-3602\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602\n[ 3 ] CVE-2011-3603\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603\n[ 4 ] CVE-2011-3604\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604\n[ 5 ] CVE-2011-3605\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "106366"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          }
        ],
        "trust": 2.25
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-51546",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-3601",
            "trust": 3.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2011/10/06/3",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "46626",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "46884",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46825",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46270",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "46930",
            "trust": 0.6
          },
          {
            "db": "UBUNTU",
            "id": "USN-1257-1",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[OSS-SECURITY] 20111007 RADVD 1.8.2 RELEASED WITH SECURITY FIXES",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "50395",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "106846",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "107166",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-51546",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106366",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "106366"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3601"
          }
        ]
      },
      "id": "VAR-201402-0026",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:54:21.723000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "CHANGES",
            "trust": 0.8,
            "url": "http://www.litech.org/radvd/CHANGES"
          },
          {
            "title": "radvd-1.8.2",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48103"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3601"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-1257-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2011/10/06/3"
          },
          {
            "trust": 1.7,
            "url": "http://www.litech.org/radvd/changes"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3601"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3601"
          },
          {
            "trust": 0.6,
            "url": "http://www.litech.org/radvd/"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46270"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46626"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46825"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46884"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46930"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3604"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3602"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3601"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3605"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-october/068481.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46626/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46626/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46626"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3605"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3602"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201111-08.xml"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3603"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3601"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3603"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3604"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-51546"
          },
          {
            "db": "BID",
            "id": "50395"
          },
          {
            "db": "PACKETSTORM",
            "id": "106846"
          },
          {
            "db": "PACKETSTORM",
            "id": "106366"
          },
          {
            "db": "PACKETSTORM",
            "id": "107166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3601"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-51546",
            "ident": null
          },
          {
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106846",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106366",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "107166",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3601",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-02-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-51546",
            "ident": null
          },
          {
            "date": "2011-10-27T00:00:00",
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "date": "2011-11-11T03:09:09",
            "db": "PACKETSTORM",
            "id": "106846",
            "ident": null
          },
          {
            "date": "2011-10-31T07:50:50",
            "db": "PACKETSTORM",
            "id": "106366",
            "ident": null
          },
          {
            "date": "2011-11-21T01:10:29",
            "db": "PACKETSTORM",
            "id": "107166",
            "ident": null
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-220",
            "ident": null
          },
          {
            "date": "2014-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005287",
            "ident": null
          },
          {
            "date": "2014-02-17T16:55:05.977000",
            "db": "NVD",
            "id": "CVE-2011-3601",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-02-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-51546",
            "ident": null
          },
          {
            "date": "2015-05-07T17:12:00",
            "db": "BID",
            "id": "50395",
            "ident": null
          },
          {
            "date": "2014-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201402-220",
            "ident": null
          },
          {
            "date": "2014-02-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-005287",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-3601",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "router advertisement daemon of  process_ra Function Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-005287"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201402-220"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200702-0378

    Vulnerability from variot - Updated: 2026-04-10 23:50

    Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                     National Cyber Alert System
    
               Technical Cyber Security Alert TA07-050A
    

    Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow

    Original release date: February 19, 2007 Last revised: -- Source: US-CERT

    Systems Affected

     * Snort 2.6.1, 2.6.1.1, and 2.6.1.2
     * Snort 2.7.0 beta 1
     * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with
       SEUs prior to SEU 64
     * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x,
       and 4.6x with SEUs prior to SEU 64
    

    Other products that use Snort or Snort components may be affected.

    I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules.

    The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake.

    US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS.

    II.

    III. Solution

    Upgrade

    Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site.

    Disable the DCE/RPC Preprocessor

    To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems):

     [/etc/snort.conf]
     ... 
     #preprocessor dcerpc...
    

    Restart Snort for the change to take effect.

    Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS.

    IV. References

     * US-CERT Vulnerability Note VU#196240 -
       <http://www.kb.cert.org/vuls/id/196240>
    
     * Sourcefire Advisory 2007-02-19 -
       <http://www.snort.org/docs/advisory-2007-02-19.html>
    
     * Sourcefire Support Login - <https://support.sourcefire.com/>
    
     * Sourcefire Snort Release Notes for 2.6.1.3 -
       <http://www.snort.org/docs/release_notes/release_notes_2613.txt>
    
     * Snort downloads - <http://www.snort.org/dl/>
    
     * DCE/RPC Preprocessor -
       <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html>
    
     * IBM Internet Security Systems Protection Advisory -
       <http://iss.net/threats/257.html>
    
     * CVE-2006-5276 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276>
    

    The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-050A.html>
    

    Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-050A Feedback VU#196240" in the subject.


    For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


    Produced 2007 by US-CERT, a government organization.

    Terms of use:

     <http://www.us-cert.gov/legal.html>
    

    Revision History

    February 19, 2007: Initial Release

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007

    Summary:

    Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue.

    Mitigating Factors:

    Users who have disabled the DCE/RPC preprocessor are not vulnerable.

    Recommended Actions:

    • Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately.
    • Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2.

    Workarounds:

    Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor.

    Detecting Attacks Against This Vulnerability:

    Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability.

    Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited.

    Acknowledgments:

    Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it.


    Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV


    Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce .

    Resolution

    All Snort users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3"
    

    References

    [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200703-01.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "snort",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "snort",
            "version": "2.6.1"
          },
          {
            "_id": null,
            "model": "snort",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "snort",
            "version": "2.6.1.1"
          },
          {
            "_id": null,
            "model": "snort",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "snort",
            "version": "2.7_beta1"
          },
          {
            "_id": null,
            "model": "snort",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "snort",
            "version": "2.6.1.2"
          },
          {
            "_id": null,
            "model": "snort",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "snort",
            "version": "2.6.1.2"
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.6"
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nortel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "snort",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": null
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "4.5.x"
          },
          {
            "_id": null,
            "model": "snort",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "snort",
            "version": "2.7.0 beta 1"
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "for crossbeam version 4.1.x"
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "4.6x of  seu 64 earlier versions"
          },
          {
            "_id": null,
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "version 4.1.x"
          },
          {
            "_id": null,
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1.2"
          },
          {
            "_id": null,
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1.1"
          },
          {
            "_id": null,
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1"
          },
          {
            "_id": null,
            "model": "project snort beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.7.01"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "fedora core7",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.6"
          },
          {
            "_id": null,
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.6"
          },
          {
            "_id": null,
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "net-analyzer/snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gentoo",
            "version": "2.6.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1.3"
          },
          {
            "_id": null,
            "model": "net-analyzer/snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "gentoo",
            "version": "2.6.1.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:snort:snort",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sourcefire:intrusion_sensor",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Neel Mehta",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-5276",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-5276",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-21384",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-5276",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#196240",
                "trust": 0.8,
                "value": "23.63"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-5276",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200702-347",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-21384",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2006-5276",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted \u0027DCE\u0027 and \u0027RPC\u0027 network packets. \nAn attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                     National Cyber Alert System\n\n               Technical Cyber Security Alert TA07-050A\n\n\nSourcefire Snort DCE/RPC Preprocessor Buffer Overflow\n\n   Original release date: February 19, 2007\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Snort 2.6.1, 2.6.1.1, and 2.6.1.2\n     * Snort 2.7.0 beta 1\n     * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with\n       SEUs prior to SEU 64\n     * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x,\n       and 4.6x with SEUs prior to SEU 64\n\n   Other products that use Snort or Snort components may be affected. \n\n\nI. The DCE/RPC\n   preprocessor reassembles fragmented SMB and DCE/RPC traffic before\n   passing data to the Snort rules. \n\n   The vulnerable code does not properly reassemble certain types of\n   SMB and DCE/RPC packets. An attacker could exploit this\n   vulnerability by sending a specially crafted TCP packet to a host\n   or network monitored by Snort. The DCE/RPC preprocessor is enabled\n   by default, and it is not necessary for an attacker to complete a\n   TCP handshake. \n\n   US-CERT is tracking this vulnerability as VU#196240. This\n   vulnerability has been assigned CVE number CVE-2006-5276. Further\n   information is available in advisories from Sourcefire and ISS. \n\n\nII. \n\n\nIII. Solution\n\nUpgrade\n\n   Snort 2.6.1.3 is available from the Snort download site. Sourcefire\n   customers should visit the Sourcefire Support Login site. \n\nDisable the DCE/RPC Preprocessor\n\n   To disable the DCE/RPC preprocessor, comment out the line that loads\n   the preprocessor in the Snort configuration file (typically\n   /etc/snort.conf on UNIX and Linux systems):\n\n     [/etc/snort.conf]\n     ... \n     #preprocessor dcerpc... \n   \n   Restart Snort for the change to take effect. \n\n   Disabling the preprocessor will prevent Snort from reassembling\n   fragmented SMB and DCE/RPC packets. This may allow attacks to evade\n   the IDS. \n\n\nIV. References\n\n     * US-CERT Vulnerability Note VU#196240 -\n       \u003chttp://www.kb.cert.org/vuls/id/196240\u003e\n\n     * Sourcefire Advisory 2007-02-19 -\n       \u003chttp://www.snort.org/docs/advisory-2007-02-19.html\u003e\n\n     * Sourcefire Support Login - \u003chttps://support.sourcefire.com/\u003e\n\n     * Sourcefire Snort Release Notes for 2.6.1.3 -\n       \u003chttp://www.snort.org/docs/release_notes/release_notes_2613.txt\u003e\n\n     * Snort downloads - \u003chttp://www.snort.org/dl/\u003e\n\n     * DCE/RPC Preprocessor -\n       \u003chttp://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html\u003e\n\n     * IBM Internet Security Systems Protection Advisory -\n       \u003chttp://iss.net/threats/257.html\u003e\n\n     * CVE-2006-5276 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276\u003e\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA07-050A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-050A Feedback VU#196240\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   February 19, 2007:  Initial Release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP\nqulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq\n+kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6\nOuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w\nRSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg\n+EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg==\n=T7v8\n-----END PGP SIGNATURE-----\n. February 19, 2007\n\nSummary:\n\nSourcefire has learned of a remotely exploitable vulnerability in the \nSnort DCE/RPC preprocessor. Sourcefire \nhas prepared updates for Snort open-source software to address this issue. \n\n\nMitigating Factors:\n\nUsers who have disabled the DCE/RPC preprocessor are not vulnerable. \n\n\nRecommended Actions:\n\n* Open-source Snort 2.6.1.x users are advised to upgrade to Snort \n2.6.1.3 (or later) immediately. \n* Open-source Snort 2.7 beta users are advised to mitigate this issue by \ndisabling the DCE/RPC preprocessor. \n   This issue will be resolved in Snort 2.7 beta 2. \n\n\nWorkarounds:\n\nSnort users who cannot upgrade immediately are advised to disable the \nDCE/RPC preprocessor by removing the DCE/RPC preprocessor directives \nfrom snort.conf and restarting Snort. However, be advised that disabling \nthe DCE/RPC preprocessor reduces detection capabilities for attacks in \nDCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC \npreprocessor. \n\n\nDetecting Attacks Against This Vulnerability:\n\nSourcefire will be releasing a rule pack that provides detection for \nattacks against this vulnerability. \n\nHas Sourcefire received any reports that this vulnerability has been \nexploited?\n- No. Sourcefire has not received any reports that this vulnerability \nhas been exploited. \n\n\nAcknowledgments:\n\nSourcefire would like to thank Neel Mehta from IBM X-Force for reporting \nthis issue and working with us to resolve it. \n\n\n-------------------------------------------------------------------------\nTake Surveys. Earn Cash. Influence the Future of IT\nJoin SourceForge.net\u0027s Techsay panel and you\u0027ll get the chance to share your\nopinions on IT \u0026 business topics through brief surveys-and earn cash\nhttp://www.techsay.com/default.php?page=join.php\u0026p=sourceforge\u0026CID=DEVDEV\n_______________________________________________\nSnort-announce mailing list\nSnort-announce@lists.sourceforge.net\nhttps://lists.sourceforge.net/lists/listinfo/snort-announce\n. \n\nResolution\n==========\n\nAll Snort users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/snort-2.6.1.3\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-5276\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200703-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          },
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          }
        ],
        "trust": 3.06
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=3609",
            "trust": 0.4,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-21384",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#196240",
            "trust": 3.8
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "22616",
            "trust": 2.9
          },
          {
            "db": "USCERT",
            "id": "TA07-050A",
            "trust": 2.7
          },
          {
            "db": "SECUNIA",
            "id": "24272",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "24190",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "24235",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "24239",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "26746",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "24240",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1017669",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1017670",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "3362",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0668",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0656",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "32094",
            "trust": 1.8
          },
          {
            "db": "XF",
            "id": "31275",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347",
            "trust": 0.7
          },
          {
            "db": "CERT/CC",
            "id": "TA07-050A",
            "trust": 0.6
          },
          {
            "db": "GENTOO",
            "id": "GLSA-200703-01",
            "trust": 0.6
          },
          {
            "db": "MILW0RM",
            "id": "3362",
            "trust": 0.6
          },
          {
            "db": "ISS",
            "id": "20070219 SOURCEFIRE SNORT REMOTE BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20070303 ERRATA: [ GLSA 200703-01 ] SNORT: REMOTE EXECUTION OF ARBITRARY CODE",
            "trust": 0.6
          },
          {
            "db": "FEDORA",
            "id": "FEDORA-2007-2060",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "3609",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "54522",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "54569",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "54834",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-72771",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "18723",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "3391",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111677",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "54632",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "id": "VAR-200702-0378",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:50:14.187000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Latest changelog : 2.6.1.3",
            "trust": 0.8,
            "url": "http://www.snort.org/dl/"
          },
          {
            "title": "2007-02-19 Sourcefire Advisory: Vulnerability in Snort DCE/RPC Preprocessor",
            "trust": 0.8,
            "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
          },
          {
            "title": "Sourcefire Support Login",
            "trust": 0.8,
            "url": "https://support.sourcefire.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sourcefire.com/"
          },
          {
            "title": "Detection for Vulnerability in Snort DCE/RPC Pre-processor",
            "trust": 0.8,
            "url": "http://www.sourcefire.com/services/advisories/sa022007.html"
          },
          {
            "title": "vrt-rules-2007-02-20",
            "trust": 0.8,
            "url": "http://www.snort.org/vrt/advisories/vrt-rules-2007-02-20.html"
          },
          {
            "title": "LinuxFlaw",
            "trust": 0.1,
            "url": "https://github.com/mudongliang/LinuxFlaw "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.0,
            "url": "http://www.kb.cert.org/vuls/id/196240"
          },
          {
            "trust": 2.9,
            "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
          },
          {
            "trust": 2.6,
            "url": "http://iss.net/threats/257.html"
          },
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/22616"
          },
          {
            "trust": 2.6,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-050a.html"
          },
          {
            "trust": 1.9,
            "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
          },
          {
            "trust": 1.8,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2007/08/021923-01.pdf"
          },
          {
            "trust": 1.8,
            "url": "http://fedoranews.org/updates/fedora-2007-206.shtml"
          },
          {
            "trust": 1.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/32094"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id?1017669"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id?1017670"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24190"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24235"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24239"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24240"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24272"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/26746"
          },
          {
            "trust": 1.7,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=540173"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/31275"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
          },
          {
            "trust": 1.2,
            "url": "https://www.exploit-db.com/exploits/3362"
          },
          {
            "trust": 1.2,
            "url": "http://www.vupen.com/english/advisories/2007/0656"
          },
          {
            "trust": 1.2,
            "url": "http://www.vupen.com/english/advisories/2007/0668"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276"
          },
          {
            "trust": 0.8,
            "url": "https://support.sourcefire.com/"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/release_notes/release_notes_2613.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/dl/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/24235/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/24190/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/24272/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-050a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-050a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5276"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/461810/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.milw0rm.com/exploits/3362"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/0668"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/0656"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4108\u0026menutype=menupublic"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=540173\u0026renditionid=\u0026poid=null"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5276"
          },
          {
            "trust": 0.1,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026amp;documentoid=540173"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-5276"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/exploit/multi/ids/snort_dce_rpc"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/3609/"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-050a.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://iss.net/threats/257.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/signup.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://support.sourcefire.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/196240\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/dl/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/legal.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/advisory-2007-02-19.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/release_notes/release_notes_2613.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.techsay.com/default.php?page=join.php\u0026p=sourceforge\u0026cid=devdev"
          },
          {
            "trust": 0.1,
            "url": "https://lists.sourceforge.net/lists/listinfo/snort-announce"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#196240",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276",
            "ident": null
          },
          {
            "db": "BID",
            "id": "22616",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "54569",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "54522",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "54834",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2007-02-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#196240",
            "ident": null
          },
          {
            "date": "2007-02-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-21384",
            "ident": null
          },
          {
            "date": "2007-02-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2006-5276",
            "ident": null
          },
          {
            "date": "2007-02-19T00:00:00",
            "db": "BID",
            "id": "22616",
            "ident": null
          },
          {
            "date": "2007-02-23T03:05:45",
            "db": "PACKETSTORM",
            "id": "54569",
            "ident": null
          },
          {
            "date": "2007-02-20T01:23:04",
            "db": "PACKETSTORM",
            "id": "54522",
            "ident": null
          },
          {
            "date": "2007-03-06T06:25:25",
            "db": "PACKETSTORM",
            "id": "54834",
            "ident": null
          },
          {
            "date": "2007-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200702-347",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-000170",
            "ident": null
          },
          {
            "date": "2007-02-20T01:28:00",
            "db": "NVD",
            "id": "CVE-2006-5276",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2008-01-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#196240",
            "ident": null
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-21384",
            "ident": null
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2006-5276",
            "ident": null
          },
          {
            "date": "2007-11-15T00:38:00",
            "db": "BID",
            "id": "22616",
            "ident": null
          },
          {
            "date": "2007-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200702-347",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-000170",
            "ident": null
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-5276",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          }
        ],
        "trust": 0.6
      }
    }