EUVD-2026-38863

In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...

Astra Linux - уязвимость в glibc

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in the leakage of stack contents to the...

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

CVE-2026-43618

Rsync

Astra Linux – Vulnerability in connman

Before version 1.39, gdhcp in ConnMan could be exploited by network-adjacent attackers, allowing them to leak sensitive stack information and enabling further exploitation of bugs in gdhcp...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures in case of failure. Wipe all sensitive data from the stack for all IOCTLs that convert a clear-key into a protected-or-secure-key...

SUSE CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

EUVD-2026-21024

Wasmtime has host data leakage with 64-bit tables and Winch...

GHSA-M9W2-8782-2946 Wasmtime has host data leakage with 64-bit tables and Winch

Impact Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive...

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

Linux Distros Unpatched Vulnerability : CVE-2026-34945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001415)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001415 advisory. kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000686 advisory. The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structu...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001244 advisory. Incorrect error handling in the setmempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003639)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003639 advisory. In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags...

CVE-2026-0915

CVE-2026-0915 concerns glibc’s DNS handling: uninitialized stack buffer used as DNS query name when net==0 can leak stack contents to the DNS resolver. Connected advisories indicate affected packages (glibc) with fixes in versions &gt;= 2.35-9 (e.g., SUSE/OpenSUSE, Ubuntu, Rocky Linux, AlmaLinux,...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003445)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003445 advisory. The x25negotiatefacilities function in net/x25/x25facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows...