Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through the image decoding process. An attacker can cause the server process to crash by uploading a specially crafted TIFF file that triggers excessive memory allocation. Remediation Upgrade...

SUSE CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

SUSE CVE-2026-46305

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

K000161639: Apache HTTP Server mod_http2 (HTTP/2 Bomb) vulnerability CVE-2026-49975

Security Advisory Description Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. CVE-2026-49975 Impact For products with None in the...

PT-2026-47755

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where hugetlb VMA lock allocation is incorrectly handled during the mmap prepare stage. If an allocation fails after mmap prepare is called, it may...

PT-2026-47757

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the tap get user xdp function. When a frame is shorter than ETH HLEN, the function returns -EINVAL; similarly, it returns -ENOMEM if build skb fails. In both...

PT-2026-47754

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM arm64 component where the kvm-arch.nested mmus array is accessed under the kvm-mmu lock, including within the MMU notifier path via the functions kvm unmap gfn...

FreeBSD Security Advisory - FreeBSD-SA-26:34.vt

FreeBSD Security Advisory - The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the...

PT-2026-47778

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

PT-2026-48129

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

PT-2026-48321

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

FreeSWITCH 输入验证错误漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a...

QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu driver. Th...

389 Directory Server 代码问题漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a code vulnerability in 389 Directory Server, which stems from the control plugin’s failure to check for allocation failures before using BER structures. This...

FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl

Problem Description: The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of...

GHSA-X4GW-5CX5-PGMH Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc.bufferhandshakeLength line 161. The guard at line 140 is handshakeLength maxClientHelloLength && maxClientHelloLength != 0, and the...

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc.bufferhandshakeLength line 161. The guard at line 140 is handshakeLength maxClientHelloLength && maxClientHelloLength != 0, and the...

CVE-2026-46279

A flaw was found in the Linux kernel's memory management subsystem. Due to an initialization ordering issue, certain pages allocated before the pageext structure is fully available may have uninitialized codetag references. This can lead to a warning being triggered when these pages are later...

CVE-2026-46293

A flaw was found in the Linux kernel's clock driver for Microchip PolarFire SoC MPFS systems. This vulnerability involves an out-of-bounds memory access that occurs during the registration of clock outputs. The issue stems from incorrect memory allocation within the driver, which can lead to syst...

CVE-2026-46305

A flaw was found in the Linux kernel, specifically within the rtl8723bs staging driver's osdep module. The rtwcbufalloc function does not properly validate the return value of a memory allocation, leading to an unconditional dereference of a potentially NULL pointer. This vulnerability could allo...