Lucene search
K

12061 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc remained uninitialized. This meant that callers had to explicitly set the fields...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Set numsyncs to a limit to prevent excessively large allocations. The exec and vmBind ioctls allow userspace to specify an arbitrary value for numsyncs. Without bounds checking, a very large value of numsyncs can result i...

5.9AI score0.00166EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, resulting in uncontrolled memory allocation. This can lead to a denial of service attack on the host system, causing the QEMU process to terminate...

5.5CVSS7.1AI score0.00137EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Media: Verisilicon: AV1 – Fix for the tile info buffer size. Each tile consists of: rowsb, colsb, startpos, and endpos 4 bytes each. Therefore, the total memory required is AV1MAXTILES 16 bytes. Use the correct define to allocate...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2, where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub’s argument list. However, it does not check whether the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parseoption function,...

5.2CVSS6.5AI score0.00203EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: udptunnel: Use netdevwarn instead of netdevWARN. netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister failing due to a memory allocation failure e.g., kzalloc o...

6.1AI score0.00173EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.35 views

CVE-2026-56376 ImageMagick - Heap Use-After-Free in Meta Coder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

6.3CVSS0.00184EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/23 10:39 a.m.5 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 4:52 p.m.30 views

CVE-2026-54285 opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:52 p.m.5 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 4:52 p.m.35 views

CVE-2026-54285

Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.4 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.5AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 6:10 a.m.5 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 6:5 a.m.5 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/20 12:28 a.m.7 views

kernel: crypto: caam - fix overflow on long hmac keys

A flaw was found in the Linux kernel's caam cryptographic accelerator driver. When processing a Hash-based Message Authentication Code HMAC key that exceeds the block size, the driver incorrectly handles memory allocation and copying. This can lead to an overflow, where the system attempts to rea...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/19 4:23 p.m.39 views

CVE-2026-3196 Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

5.5CVSS0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:23 p.m.54 views

CVE-2026-3196

CVE-2026-3196 describes an integer overflow in the virtio-snd device triggered by PCM_INFO requests from a guest, causing unbounded host memory allocation and potential denial-of-service. Documented in multiple feeds (CVE listing, AttackersKB, OSV/Nessus advisories) indicates the vulnerability af...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:23 p.m.6 views

EUVD-2026-38042

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder