597 matches found
CVE-2026-0819
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space...
CVE-2025-70121
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NASMobileIdentity5GS.go) when accessing index 5 of ...
PT-2026-8006
Name of the Vulnerable Software and Affected Versions: free5GC version 4.0.1. Description: A flaw exists in the AMF component of free5GC that could allow a remote attacker to disrupt service. This happens due to an array index out of bounds condition when processing a specially crafted 5GS Mobile...
EUVD-2025-206802
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe. The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005118)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005118 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree Tenable has extracted the preceding description bloc...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46859)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46859 advisory. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF...
MiracleLinux 8 : sqlite-3.26.0-17.el8 (AXSA:2023-4779:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4779:01 advisory. sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API CVE-2022-35737 Tenable has extracted the preceding description...
MiracleLinux 9 : java-21-openjdk-21.0.2.0.13-1.el9.ML.1 (AXSA:2024-7447:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7447:04 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.402.b06-1.el7 (AXSA:2024-7425:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7425:01 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
MiracleLinux 8 : java-21-openjdk-21.0.2.0.13-1.el8.ML.1 (AXSA:2024-7439:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7439:03 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4 (AXSA:2019-3940:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3940:03 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001469)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001469 advisory. An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.222.b10-0.el7 (AXSA:2019-3939:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3939:04 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...
CVE-2025-68783
An out-of-bounds write flaw was found in the Linux kernel's ALSA USB mixer driver for Tascam US-16x08 audio interfaces. The get_meter_levels_from_urb() function extracts channel indices from USB packets without validating the range. A malicious or malfunctioning USB device can send packets with...
SUSE CVE-2025-71100
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc(). TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Otherwise, UBSAN warn: UBSAN:...
CVE-2025-71101
CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...
CVE-2025-71100 wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc(). TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Otherwise, UBSAN warn: UBSAN:...
CVE-2025-68783
CVE-2025-68783 affects the Linux kernel ALSA usb-mixer for the us16x08, where get_meter_levels_from_urb() previously derived a channel index from a meter packet without validating range, risking writes past the end of per-channel arrays when the packet contained a negative or out-of-range channel...
CVE-2025-68783 ALSA: usb-mixer: us16x08: validate meter packet indices
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices. get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level, comp_level and master_level in struct...