CVE-2026-10725 Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

SUSE CVE-2026-45994

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 6.17, and 7.0 versions contain security vulnerabilities. These vulnerabilities stem from incorrect validation of internal structure sizes, which may lead to out-of-bound...

CVE-2026-45994

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...

CVE-2026-45994

In the Linux kernel, the ibmasm component is affected by CVE-2026-45994. The vulnerability occurs in command_file_write: it allocates a kernel buffer of exactly count bytes and copies user data into it without validating against the dot command protocol before calling get_dot_command_size() and g...

CVE-2026-45994

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...

CVE-2026-45994

ibmasm: fix OOB reads in commandfilewrite due to missing size checks...

PT-2026-43861

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the command file write handler where it allocates a kernel buffer based on a user-provided count but fails to validate this buffer against the dot command protocol before...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of size checking in the commandfilewrite function of ibmasm, potentially leading to...

kavita 安全漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of library-level authorization for download, size checking, and chapter metadata...

CLSA-2026-1779493861 postgresql: Fix of 6 CVEs

CVE-2026-6473: use pallocarray in hstoreplperl/hstoreplpython to avoid integer overflow on 32-bit systems - CVE-2026-6474: guard pgstrftime callers against unsafe conditions and ensure null-terminated output to prevent format-string leak via crafted timezone names - CVE-2026-6475: prevent path...

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

Astra Linux - уязвимость в linux-5.10

In the dplinksettingswrite function in the file drivers/gpu/drm/amd/display/amdgpudm/amdgpudmdebugfs.c in the Linux kernel, up to version 5.14.14, there is a vulnerability that allows for a heap-based buffer overflow by an attacker. This vulnerability arises because the attacker can write a strin...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fixed an issue where PCM OSS buffer allocation might overflow. We have received reports of situations where INTMAX is exceeded during memory allocation using vmalloc. This issue occurs when the sndpcmplugalloc function...

Astra Linux - уязвимость в gst-plugins-good1.0

DOS: Potential heap overwrite during MKV demuxing using HEADERSTRIP decompression. Integer overflow occurs in the matroskaparse element within the gstmatroskadecompressdata function, leading to a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, this overflow cannot ...

CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

Netty MQTT: Resource exhaustion in MqttDecoder

Impact The MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the bytesRemainingBeforeVariableHeader maxBytesInMessage check. The decodeVariableHeader can call other metho...

PT-2026-38399

Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description Resource exhaustion occurs because the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. In the MqttDecoder class, the decodeVariableHeader...

EUVD-2026-27760

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...

CVE-2026-43201

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...