563 matches found
CVE-2026-48191
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
EUVD-2026-33549
An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...
CVE-2026-37222
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...
CVE-2026-37222
FlexRIC v2.0.0 contains a vulnerability where the stack asserts exact Information Element (IE) counts in decoded E2AP messages instead of validating against protocol ranges. An unauthenticated remote attacker can send a valid E2AP PDU (for example, an E2setupRequest with extra optional fields) th...
PT-2026-45452
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...
CVE-2026-46385
Summary (CVE-2026-46385) iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...
GHSA-QJVR-435C-5FJH Nerdbank.MessagePack has a memory amplification DoS in collection deserialization
Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization
Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an undercounting of reference counts in the metadata of the rebalancechildren function within...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of consistent reduction of socket reference counts during the retransmission of ADDADDR ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from changes in the mmapprepare function of the afs file system. This change leads to a leak of...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entrycount, saio.entrycount, and saiz.samplecount values to...
Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mediatek: common: Fixed a reference count leak in parsedailinkinfo. Added calls to ofnodeput before the returns from ofnodeget and ofnodeput, which can prevent imbalance if the “foreachavailablechildofnode” loop terminat...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: md: Fix for softlockup when the bitmap size is less than the array size. It is reported that for dm-raid10, the command lvextend followed by --syncaction will trigger a softlockup. The error message is as follows: kernel:watchdog...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fixed a crash that occurred when setting the number of CPU cores to an odd number. When the number of CPU cores is adjusted to 7 or other odd numbers, the size of the zones becomes an odd number. The addresses of thes...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use the number of bits to manage bitmap sizes. To allocate bitmaps, the mpi3mr driver calculates the sizes of bitmaps using bytes as the unit. However, bitmap helper functions assume that bitmaps are allocated using...
PT-2026-42065
Name of the Vulnerable Software and Affected Versions Bottom Bar versions prior to 0.1.8 Description The Bottom Bar plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to do. The issue exists ...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the DNSSEC verifier failing to account for NSEC3 hash calculation restrictions when querying D...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021619 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracingcpumaskwrite If a large count is provided, it will trigger ...