272 matches found
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...
PT-2026-37612
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head page in rb meta validate events which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failur...
CVE-2026-31433
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...
CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...
CVE-2026-40614
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...
CVE-2026-40335
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...
libgphoto2 安全漏洞
libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from the ptpunpackSonyDPD function in the camlibs/ptp2/ptp-pack.c file, which did not validate the remaining...
CVE-2026-5494
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in...
CVE-2026-5495
Labcenter Proteus PDSPRJ file parsing vulnerability (CVE-2026-5495) is an out-of-bounds write leading to remote code execution. Affected software: Labcenter Proteus; vulnerability resides in PDSPRJ file processing due to insufficient input validation, allowing code execution in the process contex...
EUVD-2026-19327
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation...
CVE-2026-21371 Buffer Over-read in WinBlast Driver
Memory Corruption when retrieving output buffer with insufficient size validation...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from insufficient buffer size validation when processing commands for auxiliary sensor input/output control, potentially leading t...
PT-2026-30644
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation...
CVE-2026-23424
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...
CVE-2026-2922
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
UBUNTU-CVE-2026-3086
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
PT-2026-22391
Name of the Vulnerable Software and Affected Versions pillow heif versions prior to 1.3.0 Description An integer overflow in the encode path buffer validation within pillow heif.c allows an attacker to bypass bounds checks by providing large image dimensions. This can lead to a heap out-of-bounds...
BIT-VALKEY-2026-21863 Malformed Valkey Cluster bus message can lead to Remote DoS
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, which might result in the system crashing. The Valkey clusterbus packet processin...
SAIL 安全漏洞
SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability that stems from the XWD parser’s use of the bytesperline value. This value is read directly from the file and used as the reading size, but it is not compared with the actual size of the target...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39787)
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...