CVE-2026-53172

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

CVE-2026-53172

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

CVE-2026-53172

The CVE-2026-53172 issue in the Linux kernel’s accel/ethosu component is a local-privilege/heap corruption flaw caused by an incorrect mask (0x7f) when processing NPU_SET_IFM_REGION. This allows a userspace caller to supply a region index > 7, writing up to 1016 bytes past the start of region_...

CVE-2026-53172 accel/ethosu: fix IFM region index out-of-bounds in command stream parser

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

PT-2026-49279

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A heap buffer overflow occurs in the Opus audio stream parser component. This issue allows attackers to cause a Denial of Service DoS, which is a condition where a system or service becomes unavailable to it...

SUSE CVE-2026-46102

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

CVE-2026-46102

A flaw was found in the Linux kernel's network stream parser. This vulnerability occurs when the stream parser is unexpectedly stopped, such as during a message assembly timeout. A partially processed network message is not properly released from memory, leading to a memory leak. An attacker coul...

UBUNTU-CVE-2026-45979

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpucsparserbos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpubolistput as it's been handled in the amdgpucsparserfini...

UBUNTU-CVE-2026-46102

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

EUVD-2026-32485

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

Linux Distros Unpatched Vulnerability : CVE-2026-46102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference...

CVE-2026-29975

CVE-2026-29975 affects lwjson 1.8.1. The vulnerability is in the streaming JSON parser (lwjson_stream.c): end-of-string detection incorrectly checks only the immediately preceding character for escapes, instead of counting consecutive backslashes. This can cause valid JSON strings ending with an ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unassociated device during PPP transport, which could result in a stream parser warning...

OESA-2025-2347 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

CVE-2023-22291

An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

CVE-2023-38128

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger...