53976 matches found
firefox: Integer overflow in the Networking: JAR component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Networking: JAR component...
firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Audio/Video component...
CVE-2026-46062
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...
CVE-2026-46039
In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...
CVE-2026-46023
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...
UBUNTU-CVE-2026-46039
In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...
UBUNTU-CVE-2026-46023
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...
UBUNTU-CVE-2026-46062
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...
CVE-2026-46062
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...
CVE-2026-46062
In the Linux kernel ntfs3 driver, CVE-2026-46062 arises from an integer overflow in run_unpack() where the volume boundary check uses raw addition (lcn + len) against sbi->used.bitmap.nbits. This can wrap for large lcn/len values, bypassing validation. A fix uses check_add_overflow() (consiste...
EUVD-2026-32444
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...
CVE-2026-46062
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...
CVE-2026-46039
In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...
CVE-2026-46039 rxgk: Fix potential integer overflow in length check
In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...
CVE-2026-46039
CVE-2026-46039 affects the Linux kernel. The root cause is a potential integer overflow in rxgk_extract_token() during the length check. The fix changes the check to round down the size of the available data rather than rounding up, preventing overflow. Kernel commits upstream (listed in referenc...
EUVD-2026-32420
In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...
CVE-2026-46023
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...
CVE-2026-46023
The CVE describes a Linux kernel dm-mirror issue in create_dirty_log(): the arg count is computed as 2 + param_count before argc is validated, allowing an unsigned overflow when param_count approaches UINT_MAX. This can bypass the argc
EUVD-2026-32404
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...