EulerOS Virtualization 2.12.0 : nghttp2 (EulerOS-SA-2026-2107)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2026-2057)

According to the versions of the nghttp2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

CVE-2026-47333

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from an incorrect calculation of the internal buffer size, which may lead to out-of-bound...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary BM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: added retry logic in net6rtnotify inet6rtnotify can only be called under RCU protection. This means that the route may be changed concurrently, and rt6fillnode may return -EMSGSIZE. Resize the skb when this occurs and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Use the correct buffer size when parsing configfs lists This commit fixes the support for the uvc gadget on 32-bit platforms. The commit 0df28607c5cb “usb: gadget: uvc: Generalize helper functions for reuse”...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: - Deleting the last element does not require moving elements. In fact, the element at position i+1 is out of bounds. The...

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1647)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1647 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API...

CVE-2026-43476

A flaw was found in the Linux kernel, specifically within a module responsible for handling sensor data. This vulnerability is caused by an error in calculating the correct size for a data buffer. An attacker could potentially exploit this issue to corrupt memory, which might lead to the system...

CVE-2026-43461

A flaw was found in the Linux kernel, specifically within the spi: amlogic: spifc-a4 module. This vulnerability involves errors in the handling of Direct Memory Access DMA mapping within the amlsfcdmabuffersetup function. These errors include a double-unmap bug and an incorrect unmap size, which...

CVE-2025-71289

A flaw was found in the Linux kernel's NTFS3 file system driver. When a file is truncated, and an error occurs during the process of setting the attribute size, the system silently ignores this error. This oversight can lead to the file's inode, which stores critical file system metadata, being...

EUVD-2025-209678

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

CVE-2025-71291

The CVE-2025-71291 issue affects the Linux kernel bcm_vk_read() function, where a NULL entry dereference could occur if entry is NULL and rc is -EMSGSIZE, potentially causing system instability or DoS. The fix copies fields (to_h_msg, usr_msg_id, to_h_blks) from the iterator into temporary variab...

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

PT-2026-34853

CVE-2026-1949 Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. https://t.co/NRUjOzyfyB...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: nghttp2 (UTSA-2026-014315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014315 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when use...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

Amazon Linux 2 : nghttp2, --advisory ALAS2-2026-3232 (ALAS-2026-3232)

The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3232 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...