EUVD-2026-39565
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...
EUVD-2026-38872
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks(). sctp_getsockopt_peer_auth_chunks() checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
CVE-2026-53074
Summary of CVE-2026-53074 (Linux kernel): The issue occurs in the bpf_prog_test_run_skb() path where the code may access ip_hdr(skb) or ipv6_hdr(skb) for IPv4/IPv6 inputs even when only an Ethernet header is present. If the Ethernet frame carries an IPv4/IPv6 EtherType but the Layer 3 header is ...
CVE-2026-46551
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or against the response stream. An authenticated user (Editor+) could direct the server to downloa...
CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Fix for buffer overflow in elem comparison. For vendor elements, the code assumes that 5 octets are present without checking them. Since the element itself has already been checked for compatibility, we only need...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Fixed a possible overflow in the DPE length check. Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. The term wDatagramInd...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): Check actual_length before accessing the header. The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_fram...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: s390/dasd: fixed an issue where error recovery led to data corruption on ESE devices. Extent Space Efficient (ESE) or thin-provisioned volumes need to be formatted on demand during normal IO processing. The dasd_ese_needs_format...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Added a check on the len parameter to prevent empty skb objects. This prevents a division error in the netem_enqueue function, which occurs when skb->len=0 and skb->data_len=0 during the randomized corruption...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer. In af9005_i2c_xfer, msg is controlled by the user. When msg[i].buf is null and msg[i].len is zero, previous checks on msg[i].buf will still be performed. Malicious data will eventually...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: media: dvb-frontends: w7090p: Fixed the null-ptr-deref issue in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar. In w7090p_tuner_write_serpar, msg is controlled by the user. When msg[0].buf is null and msg[0].len is zero, previous...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tipc: The issue in tipc_nl_compat_name_table_dump_header regarding the check of the msg->req TLV length was fixed. This is a follow-up to commit 974cb0e3e7c9 “tipc: fixing uninit-value in tipc_nl_compat_name_table_dump”, where a type cast fr...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-net: The issue of checking the received length in large packets has been fixed. Since commit 4959aebba8c0 “virtio-net: Use the MTU size as the buffer length for large packets”, when the guest gso is disabled, the allocated...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: comedi: A flaw in the comedi_buf_munge function was addressed. This function performs a modulo operation, async->munge_chan %= async->cmd.chanlist_len, without first checking whether chanlist_len is zero. If a user program submits a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: software_node_get_reference_args: An OOB check was corrected. software_node_get_reference_args attempts to retrieve the @index-th element. The property value requires at least (index + 1) * sizeof(*ref) bytes. However, this condition cannot be...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Check the attribute length for the bearer name. syzbot reported uninit-value issues: ===================================================== BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:644 inline BUG: KMSAN:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs. There are three places where qla4xxx parses nlattrs: qla4xxx_set_chap_entry, qla4xxx_iface_set_param and qla4xxx_sysfs_ddb_set_param. Each of these functions converts nlattr to a specifi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fixed the overflow bug in musb_gadget.c. The musb_gadget_queue function calls the USB function device. This function adds the passed request to musb_ep::req_list. If request->length > musb_ep->packet_sz and is_buffer_mapped(req) retur...
CVE-2026-52722
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...