CVE-2026-6839

The vulnerability CVE-2026-6839 affects Samsung ONE (Open Source ONE). Root cause: improper validation of STRING tensor offsets during constant tensor import, which can trigger out-of-bounds access. Affected versions are prior to commit 1.30.0. Impact described by CVSS: LOCAL attacker with low at...

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011252)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011252 advisory. In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in...

CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

CLEANSTART-2026-WA14162 Delete function fails to properly validate offsets when processing malformed JSON input

Multiple security vulnerabilities affect the prometheus package. The Delete function fails to properly validate offsets when processing malformed JSON input. See references for individual vulnerability details...

CLEANSTART-2026-JY63371 Delete function fails to properly validate offsets when processing malformed JSON input

Multiple security vulnerabilities affect the prometheus package. The Delete function fails to properly validate offsets when processing malformed JSON input. See references for individual vulnerability details...

SUSE CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

EUVD-2026-16345

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVE-2026-32285

CVE-2026-32285 concerns the Go JSON parser library bug in github.com/buger/jsonparser where the Delete function fails to validate offsets for malformed JSON input. This can yield a negative slice index and a runtime panic, resulting in a denial of service. The affected component is the Delete ope...

CVE-2026-32285 Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the failure to correctly validate offsets when processing JSON inputs with formattin...

CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

EUVD-2026-13426

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

RUSTSEC-2026-0041 Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...