79 matches found
TencentOS Server 4: xorg-x11-server (TSSA-2026:0399)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0399 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-8541
Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from the QMD backend’s memoryget function, which allowed arbitrary file reading, potentially enabling caller...
CVE-2026-5907
Chromium/Google Chrome vulnerability CVE-2026-5907 involves insufficient data validation in the Media component, allowing out-of-bounds memory read via a crafted video file. Affected: Chromium/Chrome up to version 147.0.7727.55 (Chrome stable release). Public-branch disclosures in multiple adviso...
Linux Distros Unpatched Vulnerability : CVE-2026-5282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML...
PT-2026-4631
📱Critical Bluetooth vulnerability CVE-2025-13834 disclosed! This RFCOMM flaw is a "Bluetooth Heartbleed" allowing unauthenticated memory read on 2.8B devices via a single malformed packet. https://t.co/7tYyP9ixpK cybersecurity infosec CVE Bluetooth vulnerability...
MiracleLinux 7 : krb5-1.15.1-55.0.1.el7.AXS7 (AXSA:2024-8882:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8882:05 advisory. CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application CVE-2024-37371: fix...
Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read
Summary: TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details: CVEID: CVE-2025-5318. DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function...
PT-2025-43004
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions 7.1.12 and 7.2.2. Description: An issue exists in the qemuFwCfgMmioRead function within the Box/Devices/PC/DevQemuFwCfg.cpp component of Oracle VM VirtualBox. This relates to an integer overflow condition...
JLSEC-2025-72: There is a flaw in the XML entity encoding functionality of libxml2 in versions before 2.9.11
There is a flaw in the XML entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414425)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414425 advisory. An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of...
TencentOS Server 2: kernel (TSSA-2024:1031)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1031 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
The vulnerability of the AirDrop wireless data transmission component allows a perpetrator to gain unauthorized access to protected information on operating systems such as iPadOS, iOS, tvOS, and macOS.
The vulnerability of the AirDrop wireless data transmission component in operating systems such as iPadOS, iOS, tvOS, and macOS lies in the reading of data beyond the allowed range in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the CoreText component in iPadOS, iOS, tvOS, and macOS operating systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the CoreText component in iPadOS, iOS, tvOS, and macOS operating systems relates to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
A vulnerability was found in the Linux kernel's USB Audio driver. This flaw can allow an attacker with physical access to the system to use a malicious USB device to gain additional access. This is possible by reading arbitrary system memory...
Azure Linux 3.0 Security Update: hyperv-daemons / kernel (CVE-2024-0565)
The version of hyperv-daemons / kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0565 advisory. - An out-of-bounds memory read flaw was found in receive_encrypted_standard in...
CVE-2024-27528
wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution...
kernel: use-after-free in read in vt_do_kdgkb_ioctl
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using the ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality...
kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...
SUSE-SU-2024:1312-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-1504002463 fixes several issues. The following security issues were fixed: - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c bsc1219078. - CVE-2023-42753: Fixed an array indexing vulnerability i...