9075 matches found
PT-2026-51663
Name of the Vulnerable Software and Affected Versions libslirp versions prior to v4.9.2 Description An integer underflow and out-of-bounds heap read exist in the TCP urgent data handling sosendoob within hypervisor host environments, such as QEMU. A privileged guest VM attacker with root or CAP N...
Linux Distros Unpatched Vulnerability : CVE-2026-52919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the sending atomic counter. If multiple paths e.g...
CVE-2026-54257
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...
CVE-2026-54257 Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...
CVE-2026-54257
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...
CVE-2026-54257
CVE-2026-54257 affects Electron 42.3.1 through 42.3.2 where the Node.js Buffer API uses incorrect byte-length calculations, causing heap underflow/overflow. This can lead to crashes and, in some cases, incorrect buffer allocations (truncation or misallocation). The issue is fixed in Electron 42.3...
OPENSUSE-SU-2026:21023-1 Security update for libexif
This update for libexif fixes the following issues - CVE-2026-32775: Buffer overwrite via integer underflow in MakerNotes decoding bsc1259755. - CVE-2026-40385: information disclosure and crashes via integer overflow in Nikon MakerNote handling bsc1262000. - CVE-2026-40386: denial of service and...
OPENSUSE-SU-2026:21021-1 Security update for krb5
This update for krb5 fixes the following issues - CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism bsc1263366. - CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read bsc1263367...
SUSE-SU-2026:22255-1 Security update for krb5
This update for krb5 fixes the following issues - CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism bsc1263366. - CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read bsc1263367...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1.8)
The version of AOS installed on the remote host is prior to 7.5.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1.8 advisory. - A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a deni...
SUSE-SU-2026:22193-1 Security update for mcphost
This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fixed the incorrect order of resource deallocation. When attempting to destroy a QP or CQ, we first reduce the reference count and potentially free the memory regions allocated for the object. Then, we request the devic...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: tpm: efi: Use a local variable to calculate the final log size When tpmreadlogefi is called multiple times, which occurs when one loads and unloads a TPM2 driver multiple times, the global variable efitpmfinallogsize will...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize the struct nfsd4copy earlier. Ensure that the refcount and asynccopies fields are initialized early. The cleanupasynccopy function will reference these fields if an error occurs in nfsd4copy. If these fields are...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mac80211: Fixed an underflow in staticbranchdec for aqldisable. syzbot reported an underflow in staticbranchdec in aqlenablewrite. 0 The issue arises because aqlenablewrite does not serialize concurrent write operations ...
Astra Linux – Vulnerability in espeak-ng
It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Underflow due to the CountVowelPosition function in synthdata.c...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: prevents underflow of lockedvm via exec When a vfio container is preserved during execution, the task does not change. Instead, a new memory management unit mm is created with lockedvm=0, and the counter from existing...
Astra Linux – Vulnerability in OpenLDAP
An integer underflow was discovered in OpenLDAP before version 2.4.57, causing slapd to crash during the Certificate Exact Assertion processing, resulting in a denial of service schemainit.c serialNumberAndIssuerCheck...