486 matches found
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-26413 info:...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking The catcprobe function fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. This occurs as follows: - usbsndbulkpipeusbdev, 1 and...
CVE-2026-48140
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...
CVE-2026-48140 Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...
CVE-2026-48140
NI grpc-device contains an unchecked enum cast vulnerability in BeginSidebandStream affecting version 2.17.0 and earlier. The issue allows triggering invalid enum states and undefined behavior, potentially leading to a denial of service. Exploitation requires sending a specially crafted message w...
PT-2026-50891
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...
UBUNTU-CVE-2026-46282
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...
Security Bulletin: IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons
Summary IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class wa...
CVE-2026-46282
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...
CVE-2026-46282
CVE-2026-46282 affects the Linux kernel IIO frequency driver (admv1013). Root cause: if device_property_read_string() fails, str can remain uninitialized and later is dereferenced in strcmp, causing a NULL/garbage pointer dereference. Mitigation in the patch set: replace manual read/strcmp with d...
PT-2026-47354
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the admv1013 driver within the iio: frequency component. When the device property read string function fails, the str variable remains uninitialized...
ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
...
CVE-2026-46088
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA control component. Improper validation of the buffer length before a string length operation in the sndctleleminitenumnames function can lead to a system panic. This vulnerability could allow a local attacker to trigger...
CVE-2026-46088
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...
UBUNTU-CVE-2026-46088
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...
CVE-2026-46088
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...
EUVD-2026-32471
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...
CVE-2026-46088
CVE-2026-46088 affects the Linux kernel (ALSA subsystem). The vulnerability arises in snd_ctl_elem_init_enum_names() where a loop advances through a names buffer using buf_len, and may call fortified strnlen(p, 0) when buf_len reaches zero but items remain. Public documents indicate the fix added...
CVE-2026-46088
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...
CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...