Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from undefined and forced checks on the maximum length of keys in the libceph library. This...

PT-2026-38946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the system failed to properly verify the length of key material during decoding. Specifically, the process auth done function did not ensur...

PT-2026-38952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On the i.MX8MQ platform, a hardware limitation exists where the g1 VPU and g2 VPU cannot perform decoding simultaneously. Concurrent operation leads to a bus error, resulting in corrupte...

Linux Distros Unpatched Vulnerability : CVE-2026-43310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot deco...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the inability of the g1 and g2 VPUs in the verisilicon driver to decode simultaneously, potential...

GHSA-Q6MH-RQWH-G786 Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

CVE-2026-43861

A flaw was found in mutt, an email client. The urlpctdecode function, which is responsible for decoding URL-encoded strings, does not correctly handle null termination characters. This vulnerability could allow a remote attacker, to manipulate how URLs are processed, potentially leading to a...

GHSA-JFG9-48MV-9QGX Netty MQTT: Resource exhaustion in MqttDecoder

Impact The MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the bytesRemainingBeforeVariableHeader maxBytesInMessage check. The decodeVariableHeader can call other metho...

MGASA-2026-0112 Updated libexif packages fix security vulnerabilities

CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...

SUSE CVE-2026-43108

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...

Netty HTTP/3 QPACK literal unbounded allocation

Summary When Netty decodes HTTP/3 headers, it sometimes runs new bytelength using a length from the wire before checking that many bytes are really there. A small malicious header can claim a huge length on the order of a gigabyte. Details When decoding header blocks, the non-Huffman branch of...

GHSA-2C5C-CHWR-9HQW Netty HTTP/3 QPACK literal unbounded allocation

Summary When Netty decodes HTTP/3 headers, it sometimes runs new bytelength using a length from the wire before checking that many bytes are really there. A small malicious header can claim a huge length on the order of a gigabyte. Details When decoding header blocks, the non-Huffman branch of...

PT-2026-38375

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Description When decoding HTTP/3 header blocks, the non-Huffman branch of the decodeHuffmanEncodedLiteral function in io.netty.handler.codec.http3.QpackDecoder may execute new bytelength for a string litera...

PT-2026-38399

Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description Resource exhaustion occurs because the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. In the MqttDecoder class, the decodeVariableHeader...

Linux Distros Unpatched Vulnerability : CVE-2026-43108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's...

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

A proxy route rule like: ts routeRules: "/api/orders/": proxy: to: "http://upstream/orders/" is intended to limit the proxy to URLs under /api/orders/. Before the patch, an attacker could bypass that scope by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a...

Directory Traversal

Overview nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing...

GHSA-5W89-W975-HF9Q Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

A proxy route rule like: ts routeRules: "/api/orders/": proxy: to: "http://upstream/orders/" is intended to limit the proxy to URLs under /api/orders/. Before the patch, an attacker could bypass that scope by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a...