3966 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and addres...
EUVD-2026-38955
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...
CVE-2026-53087
Summary: CVE-2026-53087 affects the Linux kernel bcmgenet network driver. When reclaiming the transmit queue, the driver advances the write pointer to drop in-flight data but fails to return the dropped frames to the pool of free buffer descriptors (bds), causing a resource leak. This can lead to...
CVE-2026-53003 pppoe: drop PFC frames
In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...
CVE-2026-53003
The CVE-2026-53003 issue affects the Linux kernel PPPoE stack. A misbehaving peer can send a compressed Protocol Field (PFC) frame, causing the PPP payload to shift by one byte and creating a 4-byte misalignment in the network header, which may trigger unaligned access exceptions on some architec...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read during the parsing of the OnBeacon Extended Supported Rates ESR extension. The handling of the ESR extension during the OnBeacon phase involves accessing p + 1 + ielen and p + 2 +...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames sent to non-broadcast addresses Beacon frames are required to be sent to the broadcast address. See IEEE Std 802.11-2020, 11.1.3.1: “The ‘Address 1’ field of the Beacon frame shall be set to...
google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...
Security Bulletin: Vulnerability in IBM Sterling Order Management
Summary golang.org/x/net-v0.52.0 is vulnerable, When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2...
CVE-2026-52912
The CVE-2026-52912 affects the Linux kernel netfilter nf_queue handling of bridge LOCAL_IN traffic. br_pass_frame_up() rewrites skb->dev from the ingress port to the bridge master before queueing, allowing a queued bridge packet to retain a freed bridge master in skb->dev. On reinjection, b...
PT-2026-51897
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PPPoE driver where the generic PPP layer function ppp input accepts Protocol Field Compression PFC frames, despite PFC not being recommended for PPPoE. If an...
Node.js Module Undici 6.17.x < 6.27.0 / 7.x < 7.28.0 / 8.x < 8.5.0 DoS (CVE-2026-12151)
The nodejs module Undici detected on the host is version 6.17.x prior to 6.27.0, 7.x prior to 7.28.0, or 8.x prior to 8.5.0. It is, therefore, affected by a denial of service vulnerability: - The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a messag...
SUSE CVE-2026-56211
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...
CVE-2026-54236
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...
CVE-2026-54236
CVE-2026-54236 affects vLLM versions before 0.23.1rc0. Five code paths bypass the sanitize_message global exception handler, leaking heap addresses via exception messages: (1) Anthropic API router POST /v1/messages and POST /v1/messages/count_tokens (vllm/entrypoints/anthropic/api_router.py), (2)...
google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...
CVE-2026-54274
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...
CVE-2026-54274
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...