14 matches found
libheif information disclosure vulnerability
LibHEIF is an open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contained an information leakage vulnerability. This vulnerability occurred when decoding grid images, where tile regions that failed to...
CVE-2026-5265 Ovn: ovn: heap over-read in icmp error response generation
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (iptotlen for IPv4, ip6plen for IPv6) without validating it against the actual packet buffer size...
CVE-2026-5367
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...
DEBIAN-CVE-2026-5445
An out-of-bounds read vulnerability exists in the DecodeLookupTable function within DicomImageDecoder.cpp. The lookup-table decoding logic used for PALETTE COLOR images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002608 advisory. Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying...
EUVD-2017-14650
Malware in sbrugna...
EUVD-2011-1210
Malware in sbrugna...
EUVD-2024-54131
Malicious code in bioql PyPI...
CVE-2024-10838
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data or pointers revealing the layout of the address space being included in a deserialized data structure, which may potentially lead to thread crashes ...
CVE-2024-10838
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data or pointers revealing the layout of the address space being included in a deserialized data structure, which may potentially lead to thread crashes ...
CVE-2024-10838
CVE-2024-10838 — Concrete details: The vulnerability affects Eclipse Cyclone DDS (DDS) and is due to an integer underflow in the DDS_Security_Deserialize_ methods during deserialization, which can enable an unauthenticated attacker to read out-of-bounds heap memory. The impact per documents incl...
Cesanta Mongoose Web Server security vulnerability
Cesanta Mongoose Web Server is a cross-platform embedded server and web library written in C from Cesanta Ireland. A security vulnerability exists in Cesanta Mongoose Web Server version v7.14. It stems from the presence of out-of-range pointer offsets and could allow an attacker to send...
EUVD-2019-4123
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
MGASA-2016-0094 Updated samba packages fix security vulnerabilities
Updated ldb and samba packages fix security vulnerabilities: A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests (CVE-2015-3223). Versions of Samba from 3.0.0 to 4.3.2 inclusive ar...