866 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pagepool: Always add GFPNOWARN for ATOMIC allocations. Driver authors often forget to include GFPNOWARN when allocating pages from the datapath. This is annoying for users, as OOM Out-of-Memory conditions are common. We can expec...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: Fixed a use-after-free issue with devmspialloc. We cannot rely on the contents of the devres list during spiunregistercontroller, as the list is already cleared when we call devmspireleasecontroller. This causes devices...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: A memory leak was fixed in lpfccreateport. The commit 5e633302ace1 “scsi: lpfc: vmid: Added support for VMID in the mailbox command” introduced allocations for the VMID resources in lpfccreateport after the call to...
PostgreSQL server undersizes allocations, via integer wraparound
...
UBUNTU-CVE-2026-44216
Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is...
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...
CVE-2026-6473
CVE-2026-6473 affects PostgreSQL server features where integer wraparound can cause undersized allocations and write out-of-bounds. An unprivileged database user could potentially execute arbitrary code as the OS user running the database, or trigger segmentation faults with gigabyte-scale inputs...
PT-2026-40334
Name of the Vulnerable Software and Affected Versions Exim versions 4.97 through 4.99.2 Description A use-after-free issue exists in the BDAT body parsing path of Exim when compiled with GnuTLS. The flaw is triggered when a client sends a TLS close notify alert during a CHUNKING transfer before t...
SUSE CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
SUSE CVE-2026-43169
In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUGON by validating rounded allocation When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two via rounduppowoftwo. Similarly, for non-contiguous allocations with lar...
EUVD-2026-28423
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
DEBIAN-CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
UBUNTU-CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash t...
CVE-2026-43245
In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...
CVE-2026-43245
In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...