3238 matches found
CVE-2026-53249
In the Linux kernel, CVE-2026-53249 affects the IPv4 handling of LSRR and SSRR options. The implemented patch restricts setting IPOPT_SSRR and IPOPT_LSRR to users with CAP_NET_RAW, preventing unprivileged applications from steering traffic through attacker-controlled nodes to leak TCP ISN and pot...
BIT-PYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...
EUVD-2026-38839
In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...
EUVD-2026-38120
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...
CVE-2026-56282
Capgo before 12.128.2 has an information-disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry (e.g., replication slot names, confirmed_flush_lsn, restart_lsn) and database error messages. Access to this endpoint does not requ...
PT-2026-51152
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...
CVE-2026-49346
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...
CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: DCCP: Fixed out-of-bounds access in the DCCP error handler. There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only wanted to access the first 8...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix tcpinittransfer so that icskcainitialized is not reset. This commit fixes a bug identified by syzkaller that could cause spurious double-initializations for congestion control modules. This could lead to memory leaks or...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv – Properly handles the EBUSY error. Since seqiv only handles the special return value of EINPROGERSS, it means that in all other cases, it will free the data related to the request. However, since the caller of seqi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release report, which will access out-of-bounds of wdring-pages array, causing NULL pointer dereference. BUG:...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: tracing: Fixed an out-of-bounds write in traceseqtobuffer. syzbot reported this bug: ================================================================== Bug: KASAN: Out-of-bounds access in traceseqtobuffer in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: TCP: Fixed corruption in MPTCP’s DSS due to large PMTU transmissions. Syzkaller was able to trigger DSS corruption: - TCP: requestsocksubflowv4: Possible SYN flooding on port :::20002. Sending cookies. ------------ Cut here...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The commit mutex should not be released during the critical section between nftgcseqBegin and nftgcseqEnd. Otherwise, the async GC worker could collect expired objects and obtain the released commit lock with...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fixed a mismatch in the function prototype in sndseqexpandvarevent. With Clang’s Kernel Control Flow Integrity kCFI; CONFIGCFICLANG feature, indirect call targets are validated against the expected function pointer...
PT-2026-51028
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.1.0 Description An open source implementation of the h.265 video codec contains a signed integer overflow in the de265 image get buffer function. This occurs when processing a crafted H.265 bitstream with 16-bit bi...
gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...
CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...
CVE-2025-11694
The CVE-2025-11694 issue affects 1769 CompactLogix controllers (CIP protocol). The root cause is missing validation of sequence numbers and source IP addresses, enabling an attacker to abuse exposed Connection IDs visible on the web interface to trigger denial-of-service conditions resulting in a...