1779 matches found
EUVD-2025-210471
A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
The vulnerability of the __qla2x00_abort_all_cmds() function in the drivers/scsi/qla2xxx/qla_os.c driver of the SCSI device drivers for the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the qla2x00abortallcmds function in the drivers/scsi/qla2xxx/qlaos.c module of the SCSI device driver for the Linux operating system is related to the use of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
CVE-2026-54234 vLLM: Remote DoS in vLLM via Invalid Recovered Token Reinjection
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...
CVE-2026-54234
CVE-2026-54234 affects vLLM prior to version 0.24.0. A frontend multi-request speculative decoding path could cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which becomes negative one when the next live token is selected. This out-of-vo...
CVE-2026-54234
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...
CVE-2026-59089
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...
CVE-2026-59089
GIMP contains a vulnerability in its PlayStation TIM loader: the CLUT size is computed by multiplying two 16-bit unsigned values (num_colors and num_cluts), which can overflow and exceed integer limits. This overflow triggers undefined behavior that causes the GIMP plug-in to abort when processin...
CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
GHSA-C8W6-X74F-VMG3 zebrad vulnerable to full node denial of service via crafted Sapling receiver in z_listunifiedreceivers
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your zebrad.toml sets rpc.listenaddr to a TCP address RPC server is enabled. 3. An attacker can authenticate to the RPC endpoint. With the default enablecookieauth = true, this requires the attacker to read the...
GHSA-QV2R-V3MX-F4PF zebrad has full node denial of service via non-ASCII LongPollId in getblocktemplate
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your zebrad.toml sets rpc.listenaddr to a TCP address RPC server is enabled. 3. An attacker can authenticate to the RPC endpoint. With the default enablecookieauth = true, this requires the attacker to read the...
UBUNTU-CVE-2026-20243
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
dm cache metadata: fix memory leak on metadata abort retry
...
DEBIAN-CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53103
A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt7925rocabortsync function. This vulnerability can lead to a deadlock condition when rocabortsync attempts to cancel a work item rocwork while rocwork is already holding a mutex. This situation can occur during Wi-Fi...
SUSE CVE-2026-53060
In the Linux kernel, the following vulnerability has been resolved: dm cache metadata: fix memory leak on metadata abort retry When failing to acquire the rootlock in dmcachemetadataabort because the blockmanager is read-only, the temporary blockmanager created outside the rootlock is not properl...