1673 matches found
CVE-2026-48132
The CVE-2026-48132 entry describes a vulnerability in Security Gateway where length values in certain IKE packets over NAT-T (UDP/4500) are not validated correctly. This can cause the VPN processing service to terminate unexpectedly, resulting in a denial-of-service (temporary interruption of VPN...
CVE-2026-48132 VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...
gimp: GIMP: Remote Code Execution via PSP file parsing
A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...
PT-2026-43271
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An out-of-bounds read exists in the NetFlow v9 options template parser. In the process netflow v9 options template function, the scope parsing loop iterates until scopes offset...
CVE-2026-48686
FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...
Check Point Security Gateway 安全漏洞
Check Point Security Gateway is a series of network security gateway devices developed by Check Point Corporation in Israel. There is a security vulnerability in Check Point Security Gateway, which stems from incorrect validation of length values in specific IKE packets during NAT-T operations...
PT-2026-43236
Name of the Vulnerable Software and Affected Versions Security Gateway affected versions not specified Description The Security Gateway fails to correctly validate a length value in specific IKE packets when NAT-T NAT Traversal, a method allowing VPN traffic to pass through NAT devices is used vi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - acpi: nfit: vmalloc-out-of-bounds read in acpinfitctl A issue detected by syzbot with KASAN has also been fixed: BUG: KASAN: vmalloc-out-of-bounds in cmdtofunc, drivers/acpi/nfit/core.c:416 inline BUG: KASAN:...
Astra Linux – Vulnerability in libpcap
The sf-pcapng.c file in libpcap before version 1.9.1 does not properly validate the PHB header length before allocating memory...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verifyremainingdatalength respects maxfragmentedrecvsize This issue is related to the check for dataoffset + datalength...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Increase scanieslen for S1G. Currently, the S1G capability element is not taken into consideration when calculating scanieslen, which leads to a buffer length validation failure in the ieee80211prephwscan functio...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a buffer overflow issue when parsing NFS reparse points. ReparseDataLength is the sum of the InodeType size and the DataBuffer size. To determine the DataBuffer size, it is necessary to subtract the InodeType size...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevents out-of-bounds stream writes by validating pos. The ksmbdvfsstreamwrite function did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than ...
FreeBSD Security Advisory - FreeBSD-SA-26:18.setcred
FreeBSD Security Advisory - The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the...
CVE-2026-48132 - VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
Symptoms - The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption o...
GStreamer: GStreamer: Arbitrary code execution via ASF file processing
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...
GStreamer: GStreamer: Arbitrary code execution via ASF file processing
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...
ALSA-2026:19010 Important: postgresql16 security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
PT-2026-41681
OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enet encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item count value that is not consistently...
CLSA-2026-1778934210 Fix of 7 CVEs
SECURITY UPDATE: off-by-one OOB read in modproxyajp message getters - debian/patches/CVE-2026-33857.patch: tighten length checks msg-len - = msg-len in ajpmsggetuint8/16/32 and ajpmsgpeekuint8/16 in modules/proxy/ajpmsg.c. - CVE-2026-33857 SECURITY UPDATE: heap over-read in modproxyajp via missin...