116 matches found
SUSE CVE-2026-46190
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
Linux Distros Unpatched Vulnerability : CVE-2026-46190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed t...
CVE-2026-46190
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
UBUNTU-CVE-2026-46190
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
CVE-2026-46190
Summary (CVE-2026-46190) : A Linux kernel vulnerability in the MTD SPI-NOR debugfs code caused an out-of-bounds read in spi_nor_params_show() due to passing an array of pointers to spi_nor_print_flags() with sizeof(snor_f_names). Since sizeof on a pointer array yields bytes, not element count, th...
CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
CVE-2026-46190
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
EUVD-2026-32817
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
CVE-2026-46190
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the sizeofsnorfnames function in the spnornparamsshow function within the mtd spi-nor...
PT-2026-44313
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds read exists in the spi nor params show function within the spi-nor debugfs component. The issue occurs...
CVE-2026-42334
A flaw was found in Mongoose, a MongoDB object modeling tool. A remote attacker could bypass the sanitizeFilter query sanitization mechanism by injecting malicious operators, such as $ne, $gt, or $regex, within a $nor clause. This vulnerability arises because the $nor operator was not properly...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: The issue of out-of-bounds shift during spinorseterasetype has been fixed. spinorseterasetype was used either to set or to mask an erase type. When it was used to mask an erase type, an out-of-bounds condition...
BIT-MONGOOSE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
CVE-2026-42334
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
CVE-2026-42334
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
EUVD-2026-30349
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...