USN-8414-1: OpenSSL vulnerabilities

Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...

CVE-2026-46321

A flaw was found in the Linux kernel. A local attacker with access to the tun/tap device can exploit this vulnerability. By sending network frames shorter than the expected header length, the system fails to free allocated memory pages, leading to memory leaks. This can exhaust system memory,...

CVE-2026-45466

CVE-2026-45466 : Heap-based buffer overflow in Microsoft Word can allow a local attacker to disclose information. Affected product: Microsoft Word (Office). Vulnerability type: heap-based overflow in Word’s handling of content. Impact: confidentiality leakage (low), local access required with use...

CVE-2026-46316

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64, specifically within the vgic-its component. This vulnerability occurs when multiple concurrent operations incorrectly drop the translation cache's reference to an entry more than once during cache invalidation. Thi...

CVE-2026-46318

A flaw was found in the Linux kernel's hugetlbfs component. An issue in the mmapprepare stage incorrectly handled memory allocation, which could lead to a lock leak if an allocation failed. This resource leak could potentially be exploited by a local attacker to cause a Denial of Service DoS by...

CVE-2026-46322

A flaw was found in the Linux kernel's tun driver. This vulnerability occurs when the buildskb function fails within tunxdpone, leading to a failure to free an allocated memory page. Each such failure results in a memory leak, where a 'page-frag chunk' is not released. Over time, repeated...

CVE-2026-46320

A flaw was found in the Linux kernel's tap driver. This vulnerability occurs in the tapgetuserxdp function, where allocated memory pages are not properly freed when processing rejected network frames. Specifically, if a frame is shorter than the expected Ethernet header length or if memory...

CVE-2026-46332

A flaw was found in the Linux kernel's Greybus subsystem, specifically in the gb-beagleplay driver. The cc1352bootloaderrx function, responsible for receiving bootloader data, does not properly check the size of incoming data chunks before copying them into a fixed-size receive buffer. This...

CVE-2026-46326

A flaw was found in the Linux kernel, specifically within the iio: pressure: mprls0025pa driver. This vulnerability is due to improper initialization of the spitransfer structure, which is not consistently zeroed out before use. This could allow an attacker to potentially read sensitive informati...

CVE-2026-46330

A flaw was found in the Linux kernel's TCP User-Level Protocol ULP support for SMC. This vulnerability arises when an active TCP socket is converted into an SMC socket, as the implementation attempts to modify core Virtual File System VFS structures in-place. This action violates fundamental VFS...

CVE-2026-46325

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe component. This vulnerability arises from an incorrect conversion of I/O Virtual Addresses iova to Virtual Addresses va when Memory Regions MRs have page sizes that differ from the...

CVE-2026-52904

A flaw was found in the Linux kernel's drm/nouveau component. This issue arises during device initialization when a specific function fails to properly release allocated memory resources. This memory leak can be triggered by a local user, potentially leading to system instability or a Denial of...

CVE-2026-46329

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability occurs due to improper handling of I/O requests that extend beyond the end of a file-backed filesystem. An attacker could potentially exploit this to read uninitialized memory, leading to information disclosure. This issu...

USN-8412-1 qemu vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...

USN-8412-1: QEMU vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...

CVE-2026-42570

CVE-2026-42570 affects the Svelte devalue library. devalue.parse could allocate excessive memory when deserializing sparse arrays in versions 5.6.3 through 5.8.0, due to engine quirks. The issue is fixed in version 5.8.1. Affected references include GitHub advisories GHSA-77vg-94rm-hx3p and OSV e...

CVE-2026-42570 Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

CVE-2026-42570 Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

EUVD-2026-35500

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...