289 matches found
CVE-2026-58472
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...
SUSE-SU-2026:22506-1 Security update for lcms2
This update for lcms2 fixes the following issues - CVE-2026-41254: integer overflow in CubeSize in cmslut.c bsc1264994. - CVE-2026-42798: integer overflow in ParseCube in cmscgats.c bsc1263703...
Linux Distros Unpatched Vulnerability : CVE-2026-53171
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0...
PT-2026-53065
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The CONS HISTORY ioctl handler fails to properly validate the requested history size. Providing a large value leads to an integer overflow during the buffer size...
CVE-2026-53068 drm/komeda: fix integer overflow in AFBC framebuffer size check
In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...
Astra Linux – Vulnerability in glibc
Passing an excessively large alignment parameter to the memalign functions memalign, posixmemalign, alignedalloc in the GNU C Library versions 2.30 to 2.42 may lead to an integer overflow, which could subsequently cause heap corruption. It should be noted that the attacker must have control over...
EUVD-2026-38704
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
MGASA-2026-0214 Updated lcms2 packages fix security vulnerability
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...
SUSE CVE-2026-53689
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...
CVE-2026-53689
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...
Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...
SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...
PT-2026-45507
FlexRIC v2.0.0 contains a reachable assertion in e2ap recv sctp msg src/lib/ep/e2ap ep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP...
UBUNTU-CVE-2026-46209
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...
CVE-2026-46209
CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...
Linux Distros Unpatched Vulnerability : CVE-2026-39834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop t...
Integer Overflow or Wraparound
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: an implicit overflow issue with virtiomaxdmasize has been fixed. The following code involves an implicit conversion from sizet to u32: u32maxsize = sizetvirtiomaxdmasizevdev; This may lead to an overflow situation; fo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Fixed a potential integer overflow in the page size calculation. Explicitly cast tbo-pagealignment to u64 before shifting bits to prevent overflow when assigning to minpagesize...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handling of size overflow for ringbuf mmap The maximum size of a ringbuf on an x86-64 host is 2GB. Therefore, 2 maxentries will cause an overflow of type u32 when mapping producer pages and data pages. Simply casting...