264 matches found
EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)
"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
CVE-2026-10512
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
EUVD-2026-39552
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
CVE-2026-10512
The CVE-2026-10512 issue affects the X25519 x86_64 assembly implementation, where the final modular reduction fails to clear the most significant bit, leaving the 255-bit field element non-canonical. Consequently, the computed result from scalar multiplication may be incorrect, potentially yieldi...
CVE-2026-10512
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
CVE-2026-53184
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...
CVE-2026-53184
The CVE-2026-53184 issue affects the Linux kernel UDP sockmap path. On UDP receive, skb->dev is repurposed as dev_scratch; when a SK_SKB verdict program uses BPF socket-lookup helpers (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp), skb->dev may still hold the dev_scratch value, and dev_net(skb...
PT-2026-52561
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The X25519 x86 64 assembly implementation fails to clear the most significant bit during the final modular reduction. This occurs because the final...
PT-2026-51847
Content removed...
Astra Linux – Vulnerability in glibc
Before version 2.32, the GNU C Library also known as glibc or libc6 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contained a non-canonical bit pattern. This issue was observed when passing a value of 0x5d414141414141410000 to the sinl...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: VMCI: Check context-notifypage after calling getuserpagesfast to avoid GPF. The call to getuserpagesfast in vmcihostunlockedioctl may return NULL for context-notifypage, causing a GPF. To avoid this, check that context-notifypage...
Hitachi Pentaho Business Analytics Server - Bypass Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...
EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2335)
"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2292)
"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
CVE-2026-50258
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...
EUVD-2026-34815
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...
SUSE CVE-2024-50102
In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Litetm" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...
EUVD-2026-32926
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6...
GHSA-XRHX-7G5J-RCJ5 Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
Summary The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms,...