51 matches found
Advisory ROSA-SA-2026-3275
Software: libssh 0.9.8; OS: ROSA-CHROME; unaffected versions = libssh-0.9.8-4; affected versions libssh-0.9.8-4; CVE-ID: CVE-2026-3731; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A read outside allocated buffer vulnerability in the SFTP Extension Name Handler component of the libssh library allows a...
ROS-20260401-73-0016
A vulnerability in the png_do_quantize function of the pngrtran.c component of the libpng PNG bitmap graphics library is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability may allow an attacker to gain access to confidential data and cause a denial of...
Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.150 fixes various security issues. The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...
CVE-2026-4371
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...
Advisory ROSA-SA-2026-3190
Software: libsndfile 1.0.28; OS: ROSA Virtualization 2.1; unaffected versions = libsndfile-1.0.28-16.0.2.rv3; affected versions libsndfile-1.0.28-16.0.2.rv3; CVE-ID: CVE-2017-14634; BDU-ID: 2021-03755; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the double64_init function of the libsndfile library is...
A vulnerability in FortiOS operating systems, related to operations outside the bounds of a memory buffer, allows attackers to execute arbitrary code or commands.
The vulnerability in FortiOS operating systems is related to operations outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands by sending specially crafted HTTP requests...
A vulnerability in the virglrenderer library for ChromeOS allows an attacker to gain unauthorized access to protected information.
The vulnerability in the virglrenderer library for ChromeOS is related to operations outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using a specially crafted malicious file...
A vulnerability in MediaTek firmware, related to operations outside the bounds of a memory buffer, allows attackers to escalate their privileges.
The vulnerability in MediaTek firmware is caused by operations performed outside the bounds of a memory buffer when processing DA files. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the CSC (Client-Side Caching) service in Windows operating systems allows attackers to escalate their privileges.
The vulnerability in the CSC (Client-Side Caching) service in Windows operating systems is caused by operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in Mozilla Firefox, Firefox ESR, and the Thunderbird email client, related to operations outside the bounds of a memory buffer, allows attackers to bypass security restrictions and execute arbitrary code.
The vulnerability in Mozilla Firefox, Firefox ESR, and the Thunderbird email client is related to operations outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code...
A vulnerability in the PDF-XChange Editor PDF document viewing and editing software, related to operations outside the bounds of a memory buffer, allows attackers to disclose protected information.
The vulnerability in the PDF-XChange Editor PDF document viewing and editing software is related to operations outside the bounds of a memory buffer during the processing of AcroForms forms. Exploiting this vulnerability can allow attackers to disclose sensitive information...
A vulnerability in the firmware of Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allows an attacker to execute arbitrary code.
The vulnerability in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters is caused by operation results being stored outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20240424-01
A vulnerability in the ImageIO component of the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...
Vulnerabilities in the PDF viewing and editing programs Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020, related to operations outside the bounds of a memory buffer, allow attackers to execute arbitrary code.
The vulnerabilities in the PDF viewing and editing programs Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to operations outside the bounds of a memory buffer. Exploiting these vulnerabilities can allow...
A vulnerability in the prog.cgi component of D-Link DIR-X3260 Wi-Fi routers allows an attacker to execute arbitrary code.
The vulnerability in the prog.cgi component of D-Link DIR-X3260 Wi-Fi routers involves reading data outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the SiPass integrated software for security and access control systems, related to operations outside the bounds of a memory buffer, allows attackers to cause system failures.
The vulnerability in the SiPass integrated software for security and access control systems is related to operations outside the bounds of a memory buffer. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
A vulnerability in the DDP firmware of D-Link DAP-2622 wireless access points allows an attacker to execute arbitrary code.
The vulnerability in the DDP firmware used in D-Link DAP-2622 wireless access points lies in the fact that the execution of commands is carried out outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
A vulnerability in the built-in software of the ARIS controller, related to reading data outside the bounds of a memory buffer, allows an attacker to cause a denial of service.
The vulnerability in the built-in software of the ARIS controller is related to reading data outside the bounds of a memory buffer. Exploiting this vulnerability can allow a malicious actor to cause a denial of service through a specially crafted request...
PT-2023-15026 · Arm · Arm Mali GPU Kernel Driver
Name of the Vulnerable Software and Affected Versions: Arm Mali GPU Kernel Driver versions Valhall r29p0 through r41p0; Arm Mali GPU Kernel Driver versions Avalon r41p0 before r42p0. Description: An issue was discovered in the Arm Mali GPU Kernel Driver, allowing a non-privileged user to make...
A vulnerability in the AMD Secure Encrypted Virtualization (SEV) technology in firmware for AMD processors allows attackers to disclose protected information.
The vulnerability in the AMD Secure Encrypted Virtualization (SEV) firmware for processors is related to operations outside the bounds of a memory buffer. Exploiting this vulnerability could allow an attacker to disclose protected information...