3541 matches found
EUVD-2026-39841
In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...
CVE-2026-53306
In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...
CVE-2026-53306
CVE-2026-53306 affects the Linux kernel tty/hvc_iucv path. The issue is an off-by-one in the number of supported devices: MAX_HVC_IUCV_LINES is 8, and hvc_iucv_devices can be 0–8. When devices == 8, a path that validates against the table size can access hvc_iucv_table[8], potentially triggering ...
CVE-2026-53306
In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...
CVE-2026-53036
A flaw was found in the Linux kernel. Specifically, an off-by-one error exists in the BPF Berkeley Packet Filter JIT Just-In-Time compiler when handling immediate values for branch instructions on ARM64 architectures. This vulnerability allows the system to process values outside their intended...
SUSE-SU-2026:2644-1 Security update for frr
This update for frr fixes the following issues - CVE-2026-28532: Denial of Service due to integer overflow in OSPF TLV parser functions bsc1263859. - CVE-2026-37457: An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR...
SUSE CVE-2026-53263
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
CVE-2026-53263
A flaw was found in the Linux kernel's 6lowpan component. An off-by-one error during multicast context address compression can lead to the transmission of uninitialized kernel stack memory over the network. This vulnerability results in information disclosure, potentially allowing an attacker to...
CVE-2026-53088
A flaw was found in the Linux kernel's bcmgenet network driver. An off-by-one error in the bcmgenetputtxcb function, related to the writeptr handling for transmit control blocks txcb, could lead to incorrect cleanup of these blocks. This issue may result in system instability or unexpected behavi...
PT-2026-52948
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the dlm match regions function within the ocfs2/dlm component. The local-vs-remote region comparison loop incorrectly uses the = operator instead of , which...
PT-2026-52945
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the hvc iucv tty driver. The issue occurs when the hvc iucv devices counter equals 8, which is the maximum value defined by MAX HVC IUCV LINES. Due to an...
CVE-2026-45358
A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. A remote attacker could exploit an off-by-one error in the meta encoder to read a single byte outside of allocated memory. This out-of-bounds read could lead to the disclosure of sensitiv...
CVE-2026-56787
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...
CVE-2026-56790
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...
UBUNTU-CVE-2026-56787
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...
gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling
A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...
CVE-2026-56790 CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...
CVE-2026-56790
CANBoat (up to version 6.22) contains an off-by-one global buffer overflow in analyzer/pgn.c:searchForPgn() that can crash the application when processing a crafted NMEA-2000 message with an out-of-range PGN sent over CAN bus or N2K-over-IP. The root cause is an out-of-bounds array access. The is...
CVE-2026-56787 RTKLIB 2.4.3 - Off-by-One Out-of-Bounds Read in decode_ssr3 via RTCM3 SSR Message
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...
EUVD-2026-39529
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...