
9 matches found

Positive Technologies
added 2026/03/19 12:0 a.m. | 2 views

PT-2026-26463

Name of the Vulnerable Software and Affected Versions: tinytag versions 2.2.0. Description: tinytag version 2.2.0 contains an issue where an attacker who can supply MP3 files for parsing can trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-si...

CVSS 6.5 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 11
CVE
added 2025/12/16 1:43 p.m. | 5 views

CVE-2025-68195

CVE-2025-68195 is a Linux kernel issue in x86/CPU/AMD related to Zen5 rdseed microcode. The vulnerability stems from a missing terminator for zen5_rdseed_microcode, which can cause an out-of-bounds access tripping KASAN during x86_match_min_microcode_rev() on Zen5 CPUs. Upstream and downstream ad...

AI score 6.1 | EPSS 0.00026
Exploits: 0 | References: 2
CNNVD
added 2025/12/16 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing terminator and could lead to out-of-bounds access...

AI score 6 | EPSS 0.00026
Exploits: 0 | References: 2
OSV
added 2025/12/04 4:16 p.m. | 0 views

AZL-71393 CVE-2025-40252 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end(). The loops in 'qede_tpa_cont()' and 'qede_tpa_end()' iterate over 'cqe->len_list[]' using only a zero-length terminator as the stopping condition. If the...

AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/04 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-40252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end(). The loops in 'qede_tpa_cont()' and 'qede_tpa_end()' iterate over 'cqe->len_list[]' using...

AI score 6.1 | EPSS 0.00052
Exploits: 0 | References: 4
Veracode
added 2025/08/13 7:37 a.m. | 3 views

Denial Of Service (DoS)

SixLabors.ImageSharp is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of malformed GIF comment extension blocks due to a missing block terminator, causing the GIF decoder to enter an infinite loop when processing specially crafted files...

CVSS 5.3 | AI score 7 | EPSS 0.00335
Exploits: 0 | References: 6 | Affected Software: 1
RedHat Linux
added 2025/08/05 3:18 a.m. | 4 views

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

CVSS 8.7 | AI score 7.3 | EPSS 0.00588
Exploits: 1 | References: 5
RedHat Linux
added 2024/08/08 5:23 p.m. | 3 views

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

CVSS 7.5 | AI score 5.7 | EPSS 0.03699
Exploits: 0 | References: 4
OSV
added 2022/09/13 4:15 p.m. | 0 views

UBUNTU-CVE-2022-3170

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl interface and crash the system or potentially escalate their...

CVSS 7.8 | AI score 6.8 | EPSS 0.00048
Exploits: 0 | References: 5