1248 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fixed the acceptqueue memory leak. Since the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the...
Astra Linux - уязвимость в golang-golang-x-text
An attacker can cause a denial of service by creating an Accept-Language header that requires ParseAcceptLanguage to take significant time to process...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash – fixed the double-free in hashaccept. If the accept2 function is called on the algifhash socket type with the MSGMORE flag set, and the cryptoahashimport fails, sk2 is freed. However, it is also freed in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring: Fixed the issue where multishot accept requests could lead to leaks. Setting REQFPOLLED does not guarantee that the request will be executed as a multishot from the polling path. Fortunately, if the code misidentifies...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: A data race issue around the sysctltcpfwmarkaccept function has been fixed. When reading sysctltcpfwmarkaccept, it can be changed concurrently. Therefore, we need to add a READONCE call to its reader...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: memblock: The memory allocated before it is used in memblockdoublearray should be accepted. When increasing the array size in memblockdoublearray, if the slab is not yet available, a call to memblockfindinrange is used to...
SUSE CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
Linux Distros Unpatched Vulnerability : CVE-2026-40356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system...
CVE-2026-40355
A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...
DEBIAN-CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
CVE-2026-40355
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
CVE-2026-40356
MIT Kerberos 5 (krb5) before 1.22.3 is affected by an integer underflow that causes an out-of-bounds read when an application calls gss_accept_sec_context() on systems with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, potentially causing the...
MIT Kerberos 数字错误漏洞
MIT Kerberos is a software used by the Massachusetts Institute of Technology MIT for authentication in network clusters. As a network authentication protocol, its design goal is to provide robust authentication services for client/server applications through a key system. Prior to version 5.1.2.3...
EUVD-2026-25993
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
EUVD-2026-25981
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
CVE-2026-40355
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
CVE-2026-40355
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
PT-2026-35666
Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.22.3 Description An integer underflow leads to an out-of-bounds read when an application calls the gss accept sec context function on a system with a NegoEx mechanism registered in /etc/gss/mech. An...
CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...