CVE-2026-0095

The provided CVE-2026-0095 entries describe a vulnerability in the Bluetooth stack, specifically in the function l2c_fcr_clone_buf in l2c_fcr.cc. The issue is an integer overflow that can trigger controlled heap corruption within the privileged Bluetooth process, leading to local escalation of pr...

CVE-2026-46006

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...

Linux Distros Unpatched Vulnerability : CVE-2026-46006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size...

Astra Linux - уязвимость в qtbase-opensource-src

A issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. There is an incorrect HPack integer overflow check in network/access/http2/hpacktable.cpp...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4mbusepreallocated. During allocation, when searching for pre-allocations PA in the per-inode rbtree, we cannot perform a direct traversal of the tree. This is because...

SUSE CVE-2026-43907

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

CVE-2026-43909 OpenImageIO: Signed integer overflow in SwapRGBABytes loop index leads to out-of-bounds read/write in DPX ABGR decoder

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

PT-2026-41028

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have a vulnerability related to input validation errors. This vulnerability arises when decNumberFromString receives an integer with exactly INTMAX-1 digits. During signed integer...

CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

CLSA-2026-1778259521 vim: Fix of 4 CVEs

CVE-2022-3278: fix crash when using NUL in buffer that uses :source; don't get a next line when skipping over NL in evalnextnonblank eval.c, upstream patch 9.0.0552 - CVE-2023-48234: fix overflow when getting count for normal z command; break out of nvzet count loop when n LONGMAX/10 normal.c,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016513 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescapefunction on 32-bit systems can cause an...

CLSA-2026-1778090588 libtiff: Fix of CVE-2026-4775

CVE-2026-4775: fix signed integer overflow in YCbCr tile decoder helpers in TIFFReadRGBAImage that could lead to heap overflow on crafted images with huge width...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda: Fixed an error related to surround channel names in version 9.1. The getlineoutpfx function may trigger an error due to overflowing a static array with more than 8 channels. This issue was reported on MacBookPro 12....

Astra Linux - уязвимость в openssl1.0

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

JLSEC-2026-216 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with...

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

CVE-2026-31648

In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nrpages calculation overflow in filemapmappages When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I encountered some very strange crash issues showing up as "Bad page state": " 734.496287 BUG: Bad...

CVE-2026-40250

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1040 performs chan-width chan-bytesperelement in...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010751 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can...

CVE-2026-5474

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFEMSGGetSize of the file apps/tolab/fsw/src/tolabpassthruencode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local...