86 matches found
CVE-2026-21379
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...
CVE-2026-55646 vLLM speech-to-text endpoints allocate full upload before enforcing the audio file-size limit
vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...
kernel: netfilter: conntrack: clamp maximum hashtable size to INT_MAX
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv6: Annotated data-race in ndiscrouterdiscovery The syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This seems fine, as IFLAINET6RAMTU is a best-effort mechanism. Add...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gve: Fixed corruption in the stats report when the number of queues changes. The driver and the Network Interface Card NIC share a memory region for stats reporting. The NIC calculates its offset within this region based on the...
aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS a zip bomb edge case. Workaround...
CVE-2026-46234
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...
CVE-2026-46234 vsock: fix buffer size clamping order
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...
EUVD-2026-32752
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a sequential error in the size limitation of the vsock buffer. Instead of limiting the minimum...
PT-2026-43945
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the EROFS Enhanced Read-Only File System implementation where out-of-bounds handling occurs for trailing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calculation functions A vulnerability was identified where the operating system can pass in U32MAX as the size of SQ/RQ/SRQ. This can lead to integer overflow and truncation of the SQ/RQ/SRQ depth values...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
The IPv6 implementation in the Linux kernel before version 6.3 has a maxsize threshold in the net/ipv6/route.c file that can be easily exceeded. This can lead to a denial of service condition, where the network becomes unreachable, resulting in errors when IPv6 packets are sent through a raw sock...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: s5pcec: limit msglen to CECMAXMSGSIZE I expect that the hardware will have limited this value to 16, but just in case it isn’t the case, check for this corner case...
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP reconfiguration e.g. MTU changes. However, since both CONFINPUTDONE and...
EUVD-2026-24631
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...
CVE-2026-6022
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...
CVE-2026-6022
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...
PT-2026-29606
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Prior to version 3.13.4, AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, read the entire multipart form field into memory before checking the client max size limit. Thi...
CVE-2026-29112
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...