73 matches found
CVE-2026-59892
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
PT-2026-47564
When decoding a PP2 TYPE SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsExceptio...
CVE-2026-45870
A flaw was found in the Linux kernel's SUNRPC Sun Remote Procedure Call authentication GSS Generic Security Service module. This vulnerability occurs due to memory leaks in the XDR eXternal Data Representation decoding error paths within functions like gssxdecctx, gssxdecstatus, and gssxdecname...
UBUNTU-CVE-2026-45870
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: authgss: fix memory leaks in XDR decoding error paths The gssxdecctx, gssxdecstatus, and gssxdecname functions allocate memory via gssxdecbuffer, which calls kmemdup. When a subsequent decode operation fails, these...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an XDR decoding error path in the SURNPROC authgss module. This error path fails to release the...
Astra Linux – Vulnerability in Firefox and Thunderbird
When attempting to load a cross-origin resource in an audio/video context, a decoding error may occur. The details of that error may contain information related to the resource. This vulnerability affects Firefox versions earlier than 86, Thunderbird versions earlier than 78.8, and Firefox ESR...
Astra Linux – Vulnerability in opensc
The TCOS smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in tcosdecipher...
SUSE CVE-2026-43108
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...
Linux Distros Unpatched Vulnerability : CVE-2026-43108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's...
EUVD-2026-27626
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...
CVE-2026-43108
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...
CVE-2026-43108 soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...
CVE-2026-43108
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...
PT-2026-37418
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg loc pfr req ei It looks element length declared in servreg loc pfr req ei for reason not matching servreg loc pfr req's reason field due which we could observe decoding error on...
DEBIAN-CVE-2026-31969
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYSTOP method, an out-by-one error in the...
CVE-2026-31971
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...
EUVD-2019-11896
Malware in sbrugna...
EUVD-2021-10894
Malware in sbrugna...
EUVD-2023-3140
Malicious code in bioql PyPI...
GO-2025-3922 Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz
Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz...