EUVD-2025-26475

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...

CVE-2026-5071

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with the WMT event length verification in the btmtk module. This vulnerability may lead ...

UBUNTU-CVE-2026-46039

In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from integer overflows in the length checks within the rxgkextracttoken function. This vulnerability...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the decode and pull16 functions in the slip module not performing boundary checks on the length o...

CVE-2026-8047

CVE-2026-8047 affects CODESYS Control. The flaw is an improper length check while parsing incoming HTTP requests, causing a size-limited out-of-bounds write. An unauthenticated remote attacker could trigger a denial of service via a system crash on the affected device. Exploitation details and re...

EUVD-2026-31800

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

httpd: Fix of 5 CVEs

CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend off-by-AJPHEADERLEN check in ajpmsgcheckheader - CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies - CVE-2026-33006: modauthdigest used non-constant-time strcmp for...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: rtl8187: Fixed a potential buffer underflow in rtl8187rxcb. The rtl8187rxcb function calculates the RX descriptor header address by subtracting its size from the skbtailptr. However, it does not validate whether th...

Astra Linux - уязвимость в xorg-server

A vulnerability was discovered in X.Org. This security flaw arises due to issues with the length validation of the handler for the XIChangeProperty request, leading to out-of-bounds memory reads and potential information disclosure. This issue can result in elevation of local privileges on system...

CLSA-2026-1778612609 httpd: Fix of 8 CVEs

CVE-2026-24072: use APEXPRFLAGRESTRICTED in htaccess - CVE-2026-29169: moddavlock: use the right davlockdiscovery - CVE-2026-33006: modauthdigest: use aprcryptoequals - CVE-2026-33007: modauthnsocache: validate URL earlier - CVE-2026-33523: scan outgoing status line for newlines and controls -...

CLSA-2026-1778490923 httpd: Fix of 9 CVEs

CVE-2026-33857: fix length checks in AJP msgget functions - CVE-2026-34032: fix ajpmsggetstring buffer checks - CVE-2026-34059: fix ajpparsedata message len check - CVE-2026-24072: use APEXPRFLAGRESTRICTED in htaccess - CVE-2026-29169: moddavlock: use the right davlockdiscovery - CVE-2026-33006:...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from undefined and forced checks on the maximum length of keys in the libceph library. This...

SUSE CVE-2026-43051

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacomintuosbtirq The wacomintuosbtirq function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when...

awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: do not trust the firmware’s nChannels value. If the firmware sends us a corrupted MCC response where nChannels is much larger than what the command response can handle, we might copy too much uninitialized...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In loaddata, make the validation of and skipping over the main info block match that in loadguspatch. In loadguspatch, add checking that the specified patch length matches the...