PT-2026-43221

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fixed a global-out-of-bounds issue in tmcupdateetfbuffer. The commit 6f755e85c332 “coresight: Add helper for inserting synchronization packets” removed the trailing \0 from the barrierpkt array and updated the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when calculating packet sizes. Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could lead to an underflow, causing the value to wrap around t...

libssh2: Fix of 2 CVEs

CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...

CVE-2026-43062

CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: venus: Added a check for the packet size after reading from shared memory. A check was added to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory...

Astra Linux - уязвимость в erlang

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out ...

CVE-2026-31633 rxrpc: Fix integer overflow in rxgk_verify_response()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011407)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011407 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio...

CLSA-2026-1776173582 squid: Fix of 3 CVEs

CVE-2026-32748: ICP: fix HttpRequest lifetime for ICP v3 queries - CVE-2026-33515: ICP: fix validation of packet sizes and URLs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors...

CLSA-2026-1776174481 squid: Fix of 3 CVEs

CVE-2026-32748: ICP: fix HttpRequest lifetime for ICP v3 queries - CVE-2026-33515: ICP: fix validation of packet sizes and URLs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors...

CLSA-2026-1776174115 squid: Fix of 3 CVEs

CVE-2026-32748: ICP: fix HttpRequest lifetime for ICP v3 queries - CVE-2026-33515: ICP: fix validation of packet sizes and URLs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors...

CLSA-2026-1775209032 squid: Fix of 2 CVEs

CVE-2026-33515: fix validation of packet sizes and URLs in ICP - CVE-2026-33526: fix escaping malformed URI twice when sending ICP errors...

kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out ...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46854)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46854 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETHZLEN When...

CVE-2023-40998

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992981)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992981 advisory. In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the...

UBUNTU-CVE-2022-50876

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musbgadget.c rxstate overflow bug The usb function device call musbgadgetqueue adds the passed request to musbep::reqlist,If the request-length musbep-packetsz and isbuffermappedreq return false,the rxstate will co...

Unity Linux 20.1060e Security Update: kernel (UTSA-2025-992684)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992684 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in ncirxwork syzbot reported the following uninit-value access issue 1...