97 matches found
CVE-2026-55958
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
CVE-2026-55958
The CVE-2026-55958 issue is a buffer overrun in Renesas TSIP TLS 1.3 transcript handling. In tsip_StoreMessage(), a capacity check for the fixed MSGBAG_SIZE (8 KB) sets an error but does not return, allowing an XMEMCPY to overwrite past the end once the TLS handshake transcript exceeds MSGBAGE_SI...
EUVD-2026-39546
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
Oracle Linux 8 : redis:6 (ELSA-2026-26008)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26008 advisory. 6.2.22-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.22-1 - rebase to 6.2.22 for CVE-2026-25243 Tenable has extracted the...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A missing size check was added in amdgpudebugfsgprwaveread. This prevents a potential buffer overflow if the size exceeds 4K. Chery picked from the commit f5d873f5825b40d886d03bd2aede91d4cf002434...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: igc: The TX packet buffer size per queue has been reduced from 7KB to 5KB. The previous setting of 7KB per queue caused issues with the TX unit during heavy timestamping operations. Reducing the buffer size to 5KB avoids such...
EUVD-2026-28631
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults are caused by the kernel...
CVE-2026-43365
In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized liclogroundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with 4k...
OpAMP client reads unbounded HTTP response bodies
Summary When receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server i...
PT-2026-37268
Name of the Vulnerable Software and Affected Versions OpenTelemetry.OpAmp.Client versions prior to 0.2.0-alpha.1 Description When receiving responses from the OpAMP server over HTTP, the client allocates an unbounded buffer to read all bytes from the server without an upper limit on the number of...
PT-2026-36400
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPU VA RESERVED TRAP SIZE to 64KB Currently, AMDGPU VA RESERVED TRAP SIZE is hardcoded to 8KB, while KFD CWSR TBA TMA SIZE is defined as 2 PAGE SIZE. On systems with 4K pages, both values match 8KB, so...
Spring Framework DoS with Multipart Temp Files in WebFlux
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...
CVE-2026-22740
The CVE-2026-22740 issue affects Spring Framework WebFlux multipart request handling. The root cause is cleanup of temporary files created for parts larger than 10 KB, which in some cases are not deleted after the request completes, enabling an attacker to exhaust disk space (Denial of Service). ...
PT-2026-35899
Name of the Vulnerable Software and Affected Versions WebFlux server application affected versions not specified Description A WebFlux server application that processes multipart requests creates temporary files for parts larger than 10 K. Under certain conditions, these temporary files may not b...
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT's...
DEBIAN-CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013162)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013162 advisory. In the Linux kernel, the following vulnerability has been resolved: Revert mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K The commit 8396c793ffdf mmc:...
PYSEC-2026-70
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
CVE-2026-39373
CVE-2026-39373 affects JWCrypto (Python) prior to 1.5.7. An unauthenticated attacker can trigger memory exhaustion by sending crafted JWE tokens using ZIP compression; a token under 250 KB can decompress to ~100 MB. The fix is version 1.5.7. This follows CVE-2024-28102: while the 250 KB input lim...
github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...