3435 matches found
CVE-2026-53263
In Linux kernel CVE-2026-53263, the 6lowpan multicast context address compression had an off‑by‑one in the second memcpy of lowpan_iphc_mcast_ctx_addr_compress(), using data[1] and ipaddr->s6_addr[11] instead of data[2] and ipaddr->s6_addr[12]. This caused data[1] to be overwritten (RIID co...
EUVD-2026-39214
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
CVE-2026-52804
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3...
CVE-2026-52804
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3...
CVE-2026-52804
Summary (concrete details from provided sources): CVE-2026-52804 affects Gogs prior to 0.14.3, enabling a repository admin collaborator to escalate to owner-level access through an off-by-one error in ChangeCollaborationAccessMode. The vulnerability is triggered via mode=4 (Owner) being accepted ...
EUVD-2026-38956
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix off-by-one in bcmgenetputtxcb The writeptr points to the next open txcb. We want to return the txcb that gets rewinded, so we must rewind the pointer first then return the txcb that it points to. That way the...
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation
Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. Vulnerable Code In internal/database/repocollaboration.go, line 129: go func r Repository ChangeCollaborationAccessModeuserI...
PT-2026-51622
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A repository admin collaborator can escalate their privileges to owner-level access due to an off-by-one error in the ChangeCollaborationAccessMode function. This occurs because the validation...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed another “off-by-one” issue with the fsmap for 1k-block file systems. It seems that syzbot discovered that issuing the FSMAP call as follows: c struct fsmaphead cmd = .fmhcount = ...; .fmhkeys = .fmrdevice = / ext4...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fixed a potential VPE leak upon error. In itsvpeirqdomainalloc, when itsvpeinit returns an error, there is an off-by-one issue with the number of VPEs that need to be freed. This issue was fixed by simply...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue arises from an off-by-one error that causes out-of-bounds memory access when...
Astra Linux – Vulnerability in Chromium
A single error in V8 in Google Chrome prior to version 141.0.7390.54 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fslupm: A bug in the funexecop function was fixed; a “off-by-one” test was corrected. The “op-cs” values are copied into “fun-mchipnumber”, which is used to access the “mchipoffsets” and “rnbgpio” arrays. These arra...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: sd: A “off-by-one” error has been fixed in sdreadBlockcharacteristics. If the device returns page 0xb1 with a length of 8 this occurs with QEMU v2.x, for example, sdReadBlockCharacteristics may attempt an out-of-bounds...
Astra Linux – Vulnerability in GIMP
GIMP PSP File Parsing: An Off-by-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicio...
gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling
A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...
gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...
gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...
CVE-2026-54410
nanoMODBUS (through v1.23.0) contains an off-by-one buffer overflow in the recv_msg_header() of the Modbus/TCP server. An unauthenticated remote attacker can craft an MBAP Length=255 to force writing one attacker-controlled byte past the 260-byte receive buffer, corrupting the adjacent state stru...
SUSE CVE-2026-45358
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47...