3657 matches found
CVE-2026-43316 media: solo6x10: Check for out of bounds chip_id
In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
SUSE CVE-2026-43070
In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPFEND value tracking When a register undergoes a BPFEND byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., after an r1...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
CVE-2026-33846
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
CLSA-2026-1777886414 xorg-x11-server-Xwayland: Fix of 3 CVEs
CVE-2026-33999: fix buffer re-use in XkbSetCompatMap ELSCVE-122736 - CVE-2026-34001: fix use-after-free in miSyncTriggerFence ELSCVE-122732 - CVE-2026-34003: add bounds checking in CheckKeyTypes and companion helpers ELSCVE-122740...
CLSA-2026-1777885651 tigervnc: Fix of 3 CVEs
CVE-2026-33999: fix buffer re-use in XkbSetCompatMap ELSCVE-122668 - CVE-2026-34001: fix use-after-free in miSyncTriggerFence ELSCVE-122664 - CVE-2026-34003: add bounds checking in CheckKeyTypes and companion helpers ELSCVE-122672...
Linux Distros Unpatched Vulnerability : CVE-2026-42480
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a...
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: move wake reason storage into validated event handlers hcistorewakereason is called from hcieventpacket immediately after stripping the HCI event header but before hcieventfunc enforces the per-event minimum...
EUVD-2026-26579
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
EUVD-2026-26525
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec-used in journal-replay file record check checkfilerecord validates rec-total against the record size but never validates rec-used. The doaction journal-replay handlers read rec-used from disk and use it to...
CVE-2026-31716
The CVE-2026-31716 entry covers a Linux kernel NTFS3 flaw in journal replay. Description from multiple sources states that check_file_record() validates rec->total against the record size but not rec->used. The journal-replay handlers read rec->used from disk and use it to compute memmov...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the wacomintuosbtirq function in the wacom driver that does not adequately bounds-check Bluetooth HID...
CVE-2026-42480
A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...
PT-2026-36401
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell offset in user queue creation amdgpu userq get doorbell index passes the user-provided doorbell offset to amdgpu doorbell index on bar without bounds checking. An arbitrarily large doorbell offset ca...
PT-2026-36510
Name of the Vulnerable Software and Affected Versions miaofng/uds-c versions prior to commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a Description A stack buffer overflow exists in the send diagnostic request function. The issue occurs because a 6-byte stack buffer, defined by MAX DIAGNOSTIC PAYLO...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper bounds checking in the JSON parsing process. An attacker can cause the application to read memory outside the intended buffer by providing specially crafted JSON input. Remediation Upgrade thrift to...
CLSA-2026-1776878817 squid: Fix of 13 CVEs
CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...
CVE-2026-41475
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...
CVE-2026-31622
In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...