Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Use variable length arrays instead of fixed-size ones. The issue with the “smatch warning” should be fixed: Error in ntfssetlabel: builtinmemcpy’s ‘uni-name’ is too small 20 vs 256...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fix helper functions that write to read-only maps Lonial identified an issue where, even when the BPF map at the user and BPF levels is frozen like in the case of .rodata, it was still possible to write into it from a BPF...

GHSA-9M44-RR2W-PPP7 Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

EUVD-2026-16224

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

UBUNTU-CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

GHSA-RQQ8-JH93-F4VG ImageMagick has stack buffer overflow in MagnifyImage

MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack...

CVE-2026-30929

ImageMagick Vulnerability CVE-2026-30929: A stack buffer overflow in MagnifyImage exists prior to versions 7.1.2-16 and 6.9.13-41 due to a fixed-size stack buffer. Processing a specific image can overflow the buffer and corrupt the stack. This impacts ImageMagick’s MagnifyImage component, with th...

SUSE CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

CVE-2025-11961

CVE-2025-11961 affects the libpcap library (pcap_ether_aton) with an OOB read/write when given malformed MAC-48 inputs. Concretely, packages libpcap versions older than 1.10.6-1 are affected (examples: libpcap for Fedora 42/43, Mariner 1.x). Some advisories also indicate affected downstreams (e.g...

CVE-2025-68473

The CVE-2025-68473 affects ESF-IDF (Espressif IoT Development Framework) Bluetooth host stack (ESP-IDF BlueDroid). The SDP result handling in bta_dm_sdp_result() stores discovered service UUIDs in a fixed-size array uuid_list[32][MAX_UUID_SIZE]; if more than 32 services are present, writes can ov...

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

PT-2025-53610

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.5.1 through 5.1.6 and earlier Description ESF-IDF is the Espressif Internet of Things IOT Development Framework. The Bluetooth host stack BlueDroid within ESP-IDF contains a flaw in the bta dm sdp result function. This...

CVE-2025-14934

NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target...

CVE-2025-65288

A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...

PT-2025-50101

Name of the Vulnerable Software and Affected Versions Mercury MR816v2 version 4.8.7 Build 110427 Rel 36550n Description A buffer overflow occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copi...

CVE-2025-11780 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...

CVE-2025-60693

A stack-based buffer overflow exists in the getmergemac function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to six user-supplied CGI parameters matching 05 into a fixed-size buffer a2 without proper bounds checking, appending...

CVE-2025-60684

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary sub42F32C function. The web interface reads the "lang" parameter and constructs Help URL strings using sprintf into fixed-siz...