290 matches found
UBUNTU-CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/edid: In the function connectorbadedid, numblocks was read as numofext. In the commit e11f5bd8228f “drm: Add support for DP 1.4 Compliance edid corruption test”, the function connectorbadedid assumed that the memory allocated...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Set numsyncs to a limit to prevent excessively large allocations. The exec and vmBind ioctls allow userspace to specify an arbitrary value for numsyncs. Without bounds checking, a very large value of numsyncs can result i...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dma-buf: A memory barrier should be inserted before updating numfences. smpstoremb inserts a memory barrier after storing data. This differs from what the comment originally intended; a null pointer dereferencing can occur if the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: corrected the incorrect validation of the numaces field in smbacl. parsedcal now validates numaces to allocate an array of posixacestatearray. If numaces is greater than ULONGMAX / sizeofstruct smbace++, it results in a...
CVE-2026-6255
The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owlswrapper' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-43205
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from firmware via dpswgetattributes but never validates it against DPSWMAXIF 64. This value controls iteration in...
CVE-2026-6255
Summary: CVE-2026-6255 affects the WordPress plugin Simple Owl Shortcodes, with a Stored Cross-Site Scripting vulnerability via the num attribute of the owls_wrapper shortcode in all versions up to and including 2.1.1. The issue stems from insufficient input sanitization and output escaping on us...
SUSE CVE-2026-31711
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix activenumconn leak on transport allocation failure Commit 77ffbcac4e56 "smb: server: fix leak of activenumconn in ksmbdtcpnewconnection" addressed the kthreadrun failure path. The earlier alloctransport == NULL...
CVE-2026-31706
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...
PT-2026-36336
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...
CVE-2026-31602
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...
CVE-2026-31464
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the numwritten value. This vulnerability could allow malicious VIO...
Linux Distros Unpatched Vulnerability : CVE-2026-31505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iavf: fix out-of-bounds writes in iavfgetethtoolstats iavf incorrectly uses realnumtxqueues for ETHSSSTATS. Since the value could change in runtime, we should u...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013743)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013743 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled...
CVE-2026-3600
The CVE concerns the WordPress plugin Investi . It is vulnerable to Stored Cross-Site Scripting via the shortcode attribute maximum-num-years in the investi-announcements-accordion shortcode, affecting versions up to and including 1.0.26 . The root cause is insufficient input sanitization and out...
CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006757)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006757 advisory. In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter numrdy Getting below error when using KCSAN to...