19357 matches found
CVE-2026-53002
A flaw was found in the Linux kernel's netfilter conntrack module. This vulnerability arises from the use of sprintf and insufficient buffer sizing in the manglecontentlen function, which can lead to a stack-out-of-bounds write. An attacker could potentially exploit this memory corruption issue t...
gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...
CVE-2026-52989
A flaw was found in the nvmet-tcp component of the Linux kernel. The nvmettcpbuildpduiovec function fails to propagate errors when detecting out-of-bounds PDU lengths or offsets. This can lead to uninitialized memory being used by subsequent operations, such as reading incoming network data into ...
CVE-2026-53074
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter subsystem. Specifically, the bpfprogtestrunskb function, responsible for testing BPF programs with network packets, did not properly validate the length of IPv4 and IPv6 inputs. This could allow the kernel to attempt to access...
JLSEC-2026-627 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...
DEBIAN-CVE-2026-56123
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...
CVE-2026-57062
A flaw in GnuPG's gpgsm component improperly handles the Cryptographic Message Syntax CMS format for AES-GCM. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of...
CVE-2026-56123
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...
CVE-2026-56123
CVE-2026-56123 affects socat versions 1.8.0.0 through 1.8.1.1. A signed-char sign-extension bug in the DOMAINNAME reply parser during SOCKS5 handshake allows a negative bytes_to_read value to be implicitly converted to size_t, causing an unbounded heap write into a 262-byte reply buffer. This res...
CVE-2026-56123
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...
CVE-2026-56123
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...
CVE-2026-57452
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...
freerdp security update
An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...
CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
CVE-2026-53238
In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...
CVE-2026-53224
In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...
CVE-2026-53210
In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...
CVE-2026-53196
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53195
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
CVE-2026-53186
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...