1396 matches found
CVE-2026-10665
In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...
CVE-2026-50721
CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...
SUSE-SU-2026:2697-1 Security update for opensc
This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to cra...
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and includin...
EUVD-2026-39565
HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...
UBUNTU-CVE-2026-6331
HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...
CVE-2026-6331
HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...
UBUNTU-CVE-2026-53195
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
EUVD-2026-38872
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
CVE-2026-53074
Summary of CVE-2026-53074 (Linux kernel) : The issue occurs in the bpf_prog_test_run_skb() path where the code may access ip_hdr(skb) or ipv6_hdr(skb) for IPv4/IPv6 inputs even when only an Ethernet header is present. If the Ethernet frame carries an IPv4/IPv6 EtherType but the Layer 3 header is ...
CVE-2026-53004 sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: Check actuallength before accessing the header. The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostfram...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-net: The issue of checking the received length in large packets has been fixed. Since commit 4959aebba8c0 “virtio-net: Use the MTU size as the buffer length for large packets”, when the guest gso is disabled, the allocated...
CVE-2026-52934
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
PT-2026-51968
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bpf prog test run skb function where the system may access ip hdrskb or ipv6 hdrskb even if the provided test input contains only an Ethernet header. This occurs...
CVE-2026-46551
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...
CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...
RHEL 7 : kernel (RHSA-2026:27729)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27729 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of servi...
USN-8349-3 rsync regression
USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...
CVE-2026-52722
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...