Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVE-2025-15661

A flaw in libssh2's sftpsymlink function allows a malicious SSH server or man-in-the-middle attacker to trigger an out-of-bounds heap read via a crafted SSHFXPNAME response. This can disclose heap memory contents or crash the application, causing a denial of service DoS. Mitigation Implement stri...

CVE-2026-53224

The CVE-2026-53224 entry pertains to the Linux kernel SCTP cookie parsing. The vulnerability arises because sctp_unpack_cookie() only validated that an embedded INIT chunk’s length did not exceed the remaining cookie payload, but did not ensure the INIT header fit, allowing a malformed COOKIE_ECH...

CVE-2026-53225

The CVE-2026-53225 issue affects the Linux kernel SCTP path: __sctp_rcv_asconf_lookup() in net/sctp/input.c may read uninitialized memory when a truncated IPv6 address parameter is declared in an ASCONF chunk. An unauthenticated peer could trigger reads of up to 16 bytes past the parameter if the...

EUVD-2026-38899

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

CVE-2026-47382

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws The commit f316cdff8d67 annotated the hws member of the struct clkhwonecelldata with countedby. This informs the bounds sanitizer UBSANBOUNDS about the number of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the response length checking for UD request packets. According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be considered invalid, and it shall be silently...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: fbdev: Added bounds checking in bitputcs to prevent out-of-bounds writes using vmalloc. Added bounds checking to prevent writes beyond the framebuffer boundaries when rendering text near the screen edges. Return early if the Y...

Astra Linux – Vulnerability in WebKit2GTK

A vulnerability related to out-of-bounds reads has been addressed through improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code executio...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Added bounds checking to ocfs2checkdirentry. This adds sanity checks for ocfs2direntry to ensure that all members of ocfs2direntry do not go beyond the valid memory region...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive – Properly handles the return of sgnentsforlen The return value of sgnentsforlen was assigned to a unsigned long in starfivehashdigest, causing negative error codes to be converted into large positive integers...

Astra Linux – Vulnerability in ffmpeg, ffmpeg5

FFmpeg n6.1.1 has an integer overflow vulnerability. The vulnerability resides in the parseoptions function in the sbgdec.c file, within the libavformat module. When parsing certain options, the software does not properly validate the input. This allows negative duration values to be accepted...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevention of out-of-bounds read in mvnetaconfigrss The value of pp-indir0 comes from the user. It is passed to the function mvnetapercpuelect. Inside this function, there is a check to ensure that the value does not...

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

EUVD-2026-36737

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVE-2026-6047

CVE-2026-6047 : LibreOffice is affected during OOXML (DOCX) import of a text box element. The issue is a heap buffer overflow that occurs when replaying deferred parser events; a handler object may be written using a layout for a larger type, causing writes past the allocation end. The root cause...

EUVD-2026-36735

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...