ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized zeroed security descriptor buffer in the smb client. This vulnerability may allow...

Astra Linux - уязвимость в ruby2.5

A issue was discovered in Ruby 3.x through 3.3.0. If data supplied by an attacker is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3....

Astra Linux - уязвимость в openimageio

There is an information disclosure vulnerability in the DPXOutput::close function of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to the leakage of heap data. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Validated EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length. This does not verify whether the length of the name actually...

CVE-2026-43618

Rsync

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016521 advisory. An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data...

EUVD-2026-27580

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: initialize nfgenmsg in NLMSGDONE terminator When batching multiple NFLOG messages inst-qlen 1, nfulnlsend appends an NLMSGDONE terminator with sizeofstruct nfgenmsg payload via nlmsgput, but never...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized payload of NLMSGDONE in the nfnetlinklog, leading to a leak of kernel heap data...

Astra Linux - уязвимость в openimageio

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux - уязвимость в qemu

A flaw was discovered in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. This flaw occurs when dropping packets during a bulk transfer from a SPICE client, due to the packet queue being full. A malicious SPICE client could exploit this flaw to call the free function in...

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3266 (ALAS-2026-3266)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3266 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding...

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

SUSE CVE-2026-31612

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...

CVE-2026-31612

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...

EUVD-2026-25505

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...