73875 matches found
CVE-2026-48715
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...
CVE-2026-51846
In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...
CVE-2026-51844
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter...
CVE-2026-51845
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter...
CVE-2026-51843
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: qca – fixed an issue where information was leaked when fetching the fw build id. Added missing sanity checks and moved the 255-byte build-id buffer off the stack to prevent the leakage of stack data through debugfs,...
Astra Linux – Vulnerability in libwoodstox-java
Those who use Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially all...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in scsmagic. The scsmagic function requires a void variable, but a struct taskstruct is provided instead. taskscstsk represents the starting address of the task’s shadow call stack, and...
Astra Linux – Vulnerability in Linux 5.15
In the efirtasmwrapper of efi-rt-wrapper.S, there is a possible way to bypass shadow stack protection due to a logical error in the code. This could result in a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an out-of-bounds write in triegetnextkey The triegetnextkey function allocates a node stack with a size of trie-maxprefixlen. However, it writes trie-maxprefixlen + 1 nodes to the stack when the stack is full. For...
Astra Linux – Vulnerability in Linux
In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack frame...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate the stack buffer Make sure to NULL terminate the buffer in iiobackend DebugfsWriteReg before passing it to sscanf. It is a stack variable, so we should not assume that it will be...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection, as a cycle in the process could lead to a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also iterates through the maps via t...
Astra Linux – Vulnerability in Apache2
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor can the Apache HTTP Server team have created such a report. However, certain compilers and/or compilation options...
Astra Linux – Vulnerability in Corosync
Corosync versions up to 3.1.9 suffer from a stack-based buffer overflow in the orftokenendianconvert function, in the exec/totemsrp.c file. This vulnerability exists when encryption is disabled or if the attacker knows the encryption key. The issue is caused by a large UDP packet...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Networks: Fixed a stack overflow issue when LRO is disabled for virtual interfaces. When the features of a virtual interface are updated, the updated features are synchronized with its underlying interfaces. This synchronization...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fixed a socket memory leak in the handling of TCP-AO failures for IPv6. When tcpaocopyallmatching fails in tcpv6synrecvsock, the function simply exits. This results in a memory leak: unreferenced object 0xffff0000281a820...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: Fixed a stack buffer overflow in hcilebigcreatesync. The function hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack, with 0x11 17 bytes of space for BIS entries...