609 matches found
CVE-2026-15685
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2026-57258
The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...
keycloak: Keycloak: Denial of Service via malformed Authorization header
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...
EUVD-2026-39341
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an issue where engid could be negative, causing the streamenc regs array to be indexed out of bounds. The variable engid is used directly as an index into the streamenc regs array, which has only 5 elements...
CVE-2026-52915
In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsnr values supplied from userspace. Validate optsnr in the rule setup...
UBUNTU-CVE-2026-52915
In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsnr values supplied from userspace. Validate optsnr in the rule setup...
CVE-2026-52915 netfilter: ip6t_hbh: reject oversized option lists
In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsnr values supplied from userspace. Validate optsnr in the rule setup...
Linux Distros Unpatched Vulnerability : CVE-2026-52915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsn...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40252)
In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend The loops in 'qedetpacont' and 'qedetpaend', iterate over 'cqe-lenlist' using only a zero- length terminator as the stopping condition. If the...
CVE-2026-10641 Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
SUSE CVE-2026-46286
In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...
UBUNTU-CVE-2026-46307
In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...
UBUNTU-CVE-2026-46286
In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...
EUVD-2026-35151
In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...
CVE-2026-46286 leds: qcom-lpg: Check for array overflow when selecting the high resolution
In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...
CVE-2026-46286 leds: qcom-lpg: Check for array overflow when selecting the high resolution
In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...
PT-2026-47378
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An array-index-out-of-bounds access exists in the ath5k WiFi driver. The issue occurs within the ath5k tasklet tx function in the drivers/net/wireless/ath/ath5k/base.c file. Specifically...
EUVD-2026-32859
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...
EUVD-2026-32719
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...