
47 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algorithms and encapsulation structures. When copying data to user-space, we must ensure that only valid data is copied. Padding in structures may be filled with random possibly sensitive data and...

5.5 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits 0, References 1
SUSE CVE
added 2026/05/11 2:13 p.m., 5 views

SUSE CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

7.5 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits 0, References 5
EUVD
added 2026/05/10 9:30 p.m., 8 views

EUVD-2026-28999

Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

5.8 AI score, 0.00064 EPSS
Exploits 0, References 4
Debian CVE
added 2026/05/10 8:15 p.m., 4 views

CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

6.5 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits 0
EUVD
added 2026/05/01 2:15 p.m., 2 views

EUVD-2026-26639

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak. When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptms...

5.8 AI score, 0.00015 EPSS
Exploits 0, References 8
OSV
added 2026/04/24 3:16 p.m., 7 views

DEBIAN-CVE-2026-31671

In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report(). struct xfrm_user_report is a u8 proto field followed by a struct xfrm_selector, which means there are three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...

5.5 CVSS, 5.3 AI score, 0.00014 EPSS
Exploits 0, References 1
Cvelist
added 2026/04/24 2:45 p.m., 23 views

CVE-2026-31671 xfrm_user: fix info leak in build_report()

In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report(). struct xfrm_user_report is a u8 proto field followed by a struct xfrm_selector, which means there are three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...

0.00014 EPSS
Exploits 0, References 8
Positive Technologies
added 2026/04/24 12:0 a.m., 1 view

PT-2026-35023

In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report(). struct xfrm_user_report is a u8 proto field followed by a struct xfrm_selector, which means there are three "empty" bytes of padding, but the padding is never zeroed before copying to...

5.3 AI score, 0.00014 EPSS
Exploits 0, References 9
OSV
added 2026/04/09 8:28 p.m., 1 view

GHSA-95H2-GJ7X-GX9W Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

EVIDENCE | Disclosed to Vercel H1 | 2026-03-22 no response after 12 days | | Cross-reported here | 2026-04-03 | --- Summary useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol functio...

6.1 CVSS, 6.1 AI score, 0.00089 EPSS
Exploits 1, References 5
Tenable Nessus
added 2026/04/08 12:0 a.m., 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006613 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap. When copying data to user-space we should ensure...

5.5 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits 0, References 4
OSV
added 2026/03/13 3:40 p.m., 1 view

GHSA-G2P6-HH5V-7HFM Poseidon V1 variable-length input collision via implicit zero-padding

Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 6
Github Security Blog
added 2026/03/13 3:40 p.m., 5 views

Poseidon V1 variable-length input collision via implicit zero-padding

Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2026/03/12 5:47 p.m., 1 view

CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 5
CVE
added 2026/03/12 5:47 p.m., 4 views

CVE-2026-32129

The CVE-2026-32129 entry concerns soroban-poseidon PoseidonSponge (Poseidon V1) used in Soroban smart contracts. It states that PoseidonSponge accepts variable-length inputs without injective padding, and when inputs.len() k yields the same pre-permutation state as hashing [m1,...,mk,0], making ...

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/03/12 5:47 p.m., 2 views

CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-25033

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 6
NVD
added 2025/12/06 10:15 p.m., 2 views

CVE-2025-40279

In the Linux kernel, the following vulnerability has been resolved: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak. In tcf_connmark_dump, the variable 'opt' was partially initialized using a designated initializer, while the padding bytes remained uninitialized. nla_put copi...

0.00094 EPSS
Exploits 0, References 6
SUSE CVE
added 2025/10/08 11:29 p.m., 1 view

SUSE CVE-2023-53684

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap. When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitive data and should never be give...

5.5 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits 0, References 3
NVD
added 2025/10/07 4:15 p.m., 3 views

CVE-2023-53684

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap. When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitive data and should never be give...

5.5 CVSS, 0.00017 EPSS
Exploits 0, References 4
OSV
added 2025/10/07 4:15 p.m., 1 view

UBUNTU-CVE-2023-53684

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap. When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitive data and should never be give...

5.5 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits 0, References 7