CVE-2026-37229

CVE-2026-37229 affects FlexRIC v2.0.0. A reachable assertion in e2ap_create_pdu() is triggered when ASN.1 PER decoding fails, allowing a remote unauthenticated attacker to send a non-PER byte sequence (e.g., 0x00) over SCTP to the near-RT RIC at port 36421 or iApp at port 36422 to crash the proce...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fixed a kernel panic that occurs when the host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL value, the kernel may crash in the nvmettcpbuildpduiovec function. This issue...

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

PT-2026-41259

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID SRIOV COPY VF CHIPLET REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

CVE-2026-33611

A flaw was found in PowerDNS. An operator with access to the REST API can introduce invalid HTTPS or SVCB record data, which can lead to corruption of the LMDB database. This can result in a denial of service due to data integrity issues. Mitigation To mitigate this issue, restrict access to the...

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CLSA-2026-1776427525 golang: Fix of 3 CVEs

CVE-2025-61723: fix non-linear processing time when parsing invalid PEM inputs that could lead to denial of service - CVE-2025-58187: fix quadratic complexity when checking name constraints in crypto/x509 certificate validation - CVE-2025-58188: fix panic when validating certificates with DSA...

CVE-2026-31405 media: dvb-net: fix OOB access in ULE extension header tables

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-23334

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid...

UBUNTU-CVE-2026-23334

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid...

CVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properly

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid...

UBUNTU-CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when an...

DEBIAN-CVE-2026-26066

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

Infinite loop

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Infinite loop

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVE-2025-59895

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service DoS vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious reques...

CVE-2025-59895

CVE-2025-59895 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The vulnerability is a remote DoS in the configuration restore function caused by insufficient validation of user-supplied data, leading to an unresponsive service. In a successful scenario, the serv...

CVE-2023-40074

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-29044

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...

CVE-2023-50716

eProsima Fast DDS formerly Fast RTPS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATAFRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely...