UBUNTU-CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

EUVD-2026-31402

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

EUVD-2026-31388

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

GO-2026-5033 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

PT-2026-42717

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side pani...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

PT-2026-42718

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Certain crafted inputs allow the creation of an ed25519.PrivateKey by casting malformed wire bytes, which results in a panic when the key is used. A panic is an...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from creating ed25519.PrivateKey by forced conversion of format-errorsed bytes in the...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an error in the conversion between bytes and integers. This vulnerability may cause ...

MAL-2026-4463 Malicious code in @vivaux/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0a848407f225f6d34a9d48d9619b517c80e007c2a12c20a341e48cb7f907f81 @vivaux/[email protected] ships an empty index.js and exists only to pull in an off-registry dependency. package.json declares "ltidisafe":...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The default value of getbytesperelement has been set to 1. Variables that are used as denominators and may not be assigned to other values should not have a value of 0. bytesperelementy and bytesperelementc are...

Astra Linux - уязвимость в modsecurity-apache

ModSecurity is an open-source, cross-platform Web application firewall WAF engine for Apache, IIS, and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in a specific scenario: when the payload’s content type is application/json, and there is at least one rule that...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: brwimac: pcie: handling of randbuf allocation failure The kzalloc function in brwimacpciedownloadfwnvram will return null if physical memory runs out. As a result, if we use getrandombytes to generate random bytes into the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevents the transmitted data size from exceeding the length of sgm. No check is performed on the size of the data to be transmitted. This can lead to a kernel panic when the transmitted data size exceeds the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smackfs: Restrict bytes count in smksetcipso Oops, I failed to update the subject line. From: 07571157c91b98ce1a4aa70967531e64b78e8346 Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: PATCH smackfs: Restrict bytes count in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The logic for uncharging memory in tcpbpfsendmsg has been fixed. The current memory accounting logic in SKREDIRECT involves pre-uncharging of bytes to be sent, where the value is either msg-sg.size or a smaller value,...