188 matches found
CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...
Linux Distros Unpatched Vulnerability : CVE-2026-53199
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN...
hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf
...
CVE-2026-56414 H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...
CVE-2026-56414
The CVE-2026-56414 entry concerns H.View IP cameras (HV-500S6) with certificate-related upload interfaces. Authenticated users can store arbitrary file content to fixed, persistent filesystem locations without validation of file type, structure, or size. The described design omission enables plac...
CVE-2026-55975
CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...
CVE-2026-55975 H.VIEW HV-500S6 IP Camera OS Command Injection
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...
CVE-2026-53199
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...
CVE-2026-53199
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...
MINI-J73M-3PJR-24HV
Bulletin has no description...
CVE-2026-9334
A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport init-annotated hvinitclocksource EXPORTSYMBOL and init are a poor combination, as the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with init...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fixed stack handling in idlekvmstartguest In commit 10d91611f426 “powerpc/64s: Reimplemented the book3s idle code in C”, kvmstartguest became idlekvmstartguest. The old code allocated a stack frame on the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Do not free decrypted memory. In CoCo VMs, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the memory being retained. Callers must take care to...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: A memory leak has been fixed in error handling paths. If the vmbusestablishgpadl function fails, the recv|sendgpadl functions will not be updated, and the hvuiocleanup function in the error handling path will not be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HV: hvballoon: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must have had dput called upon it; otherwise, a memory leak would occur over time. To simplify things, simply call...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Another memory leak has been fixed in the error handling paths. The memory allocated by vmbusallocring at the beginning of the probe function is never freed during the error handling process. The missing vmbusfreeri...
CVE-2026-43475
A flaw was found in the Linux kernel's hvstorvsc component. When the kernel is configured with PREEMPTRT Real-Time Preemption and running on a Hyper-V virtual machine, a local process performing specific I/O operations can trigger a concurrency issue. This can lead to a system lock-up or crash,...
CVE-2026-43094 ixgbevf: add missing negotiate_features op to Hyper-V ops table
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: add missing negotiatefeatures op to Hyper-V ops table Commit a7075f501bd3 "ixgbevf: fix mailbox API compatibility by negotiating supported features" added the .negotiatefeatures callback to ixgbemacoperations and populat...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013712)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013712 advisory. In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace take care of interrupt mask Remove the logic to set interrupt mask by...