191 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix another slab-out-of-bounds issue in fib6nhflushexceptions While running the self-tests on a KASAN-enabled kernel, I observed a slab-out-of-bounds issue, which is very similar to the one reported in commit 821bbf79fe46...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cpumap: The data structure xdprxqinfo is not initialized to zero before running the XDP program. When running an XDP program that is associated with a cpumap entry, we do not initialize the xdprxqinfo data structure, which is use...
CVE-2026-5446
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...
PYSEC-2026-200
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...
PT-2026-45948
Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.6 Django versions prior to 5.2.15 Description An issue exists in django.core.mail.backends.smtp.EmailBackend where the system fails to prevent the reuse of a partially-initialized connection following a failed...
CVE-2026-40034
gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...
EUVD-2026-32808
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the pkvminitvcpu function in KVM arm64. These issues involve pin leakage and ordering...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix for unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest collector does not update the stream-transferred value, and it retains its initial LONGMAX value...
CLSA-2026-1778493745 opensc: Fix of 5 CVEs
CVE-2024-45615: initialize uninitialized variables passed as arguments - CVE-2024-45616: fix insufficient control of APDU response buffer length - CVE-2024-45617: check return values to avoid uninitialized variable use - CVE-2024-45618: check return values in pkcs15-init to avoid uninitialized...
EUVD-2026-28701
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...
CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
PT-2026-39069
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Ceph component of the Linux kernel where the ceph mdsc build path function is called without a zero-initialized ceph path info parameter. Because ceph mdsc build pat...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ndiscrauseropt function failing to initialize the padding field in the nduseroptmsg structure, resulting...
JLSEC-2026-310
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Znbitdecompressonebyte in H5Znbit.c, caused by the earlier use of an initialized pointer...
EUVD-2026-21180
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...
CVE-2026-23353
A flaw was found in the Linux kernel's ice network driver. When a local user performs an ethtool offline loopback test, the system can experience a kernel null pointer dereference. This occurs because the libeth library for the receive ring is not properly initialized. Successful exploitation of...
CVE-2026-23329
In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libiefwlogdeinit function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: 148.576156 Oops: Oops: 0000 1 SMP...
CVE-2026-26958 filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...