CVE-2026-31720 usb: gadget: f_uac1_legacy: validate control request size

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fuac1legacy: validate control request size faudiocomplete copies req-length bytes into a 4-byte stack variable: u32 data = 0; memcpy&data, req-buf, req-length; req-length is derived from the host-controlled USB reque...

CVE-2026-31720

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fuac1legacy: validate control request size faudiocomplete copies req-length bytes into a 4-byte stack variable: u32 data = 0; memcpy, req-buf, req-length; req-length is derived from the host-controlled USB request...

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

CVE-2026-39457

When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...

CVE-2026-42996

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...

EUVD-2026-26482

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp...

CVE-2026-7546

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

[SECURITY] Fedora 43 Update: python3.6-3.6.15-57.fc43

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

CVE-2026-7546

Totolink NR1800X firmware 9.1.0u.6279_B20210910 contains a stack-based overflow in lighttpd’s find_host_ip when Host is manipulated. This remote vulnerability has a publicly disclosed exploit. No remediation details are provided in the supplied documents.

SUSE CVE-2026-7111

Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example afterparse, beforeprint, or...

[SECURITY] Fedora 42 Update: python3.6-3.6.15-57.fc42

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVE-2026-37536

The CVE-2026-37536 entry concerns miaofng/uds-c (commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a, 2016-10-05). A stack buffer overflow occurs in send_diagnostic_request: a 6-byte buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) is written via memcpy at offset 1+pid_length with payload_length bytes. The def...

Automotive Grade Linux agl-service-can-low-level 安全漏洞

Automotive Grade Linux agl-service-can-low-level is an in-vehicle communication service component from Automotive Grade Linux. A security vulnerability exists in Automotive Grade Linux agl-service-can-low-level version 17.1.12 and earlier, which stems from an uds-c inventory overflow in the stack...

PT-2026-36505

Name of the Vulnerable Software and Affected Versions agl-service-can-low-level versions prior to 17.1.12 Description A stack buffer overflow exists in the uds-c library. The send diagnostic request function in uds.c allocates a 6-byte stack buffer but copies up to 7 bytes via memcpy at an offset...

EUVD-2026-26677

A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...

Apache Neethi 资源管理错误漏洞

Apache Neethi is a policy processing framework library developed by the Apache Foundation. There is a resource management vulnerability in Apache Neethi; this vulnerability stems from an improper detection of circular references in policy definitions. This can cause the policy normalization proce...

CVE-2026-42485

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

CVE-2026-42482

Hashcat CVE-2026-42482 affects v7.1.2, describing a stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c. The bound check does not account for 2x expansion when converting password bytes to hexadecimal, enabling a vulnerability that could allow denial of ...