MontaVista continually monitors the security community and its customers for threats. We follow the community's CVE scoring (NVD) and set fix priority accordingly for affected products. The following CVEs have been remediated or are in process.
For inquiries regarding Security Vulnerabilities, please see our Vulnerability Response Policy or email our PSIRT team security@mvista.com. Email messages and attachments can be encrypted using PGP and a MontaVista PSIRT PGP key, which is available for download here.
| CVE | Score | Severity | Package | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-35334 | 7.5 | HIGH | strongswan | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2026-06-01 |
| CVE-2026-5419 | 3.7 | LOW | gnutls | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2026-05-30 |
| CVE-2026-42014 | 4.0 | MEDIUM | gnutls | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2026-05-30 |
| CVE-2026-5260 | 5.9 | MEDIUM | gnutls | A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure. | 2026-05-26 |
| CVE-2026-42015 | 6.1 | MEDIUM | gnutls | A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts. | 2026-05-26 |
| CVE-2026-42013 | 6.5 | MEDIUM | gnutls | A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks. | 2026-05-26 |
| CVE-2026-42012 | 6.5 | MEDIUM | gnutls | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information. | 2026-05-26 |
| CVE-2026-8376 | 5.7 | MEDIUM | perl | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time. | 2026-05-26 |
| CVE-2026-46300 | 8.8 | HIGH | kernel | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing. skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache-backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors. | 2026-05-23 |
| CVE-2026-9256 | 8.1 | HIGH | nginx | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2026-05-22 |