CVE-2026-33666

Zserio has a vulnerability in BitStreamReader.h readBytes()/readString() prior to 2.18.1 where setBitPosition() bounds checking can be bypassed on overflow, causing the code to read a large len (up to 512 MB) from a very small buffer and trigger a segmentation fault. The issue is fixed in 2.18.1....

EUVD-2026-25593

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...

CVE-2026-33666 Zserio: Integer Overflow in BitStreamReader on 32-bit platforms

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...

PT-2026-35056

Name of the Vulnerable Software and Affected Versions Zserio versions prior to 2.18.1 Description An issue exists in the readBytes and readString functions within BitStreamReader.h where the setBitPosition bounds check receives an overflowed value and is bypassed. This allows the system to attemp...

zserio 输入验证错误漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a vulnerability related to input validation errors. This vulnerability occurred due to the setBitPosition boundary check in the...

SUSE CVE-2026-6844

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

PT-2026-34742

Name of the Vulnerable Software and Affected Versions Carlson VASCO-B GNSS Receiver affected versions not specified Description The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism. This allows an attacker with network access to directly access and modify its configuration and...

EUVD-2026-24710

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

EUVD-2026-24708

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

CVE-2026-6844

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

CVE-2026-6844

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

CVE-2026-6844 Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

PT-2026-34312

Name of the Vulnerable Software and Affected Versions nano affected versions not specified Description A local user can cause a Denial of Service in the application by exploiting a format string flaw in the statusline function. This occurs when the application attempts to display a directory name...

Denial-Of-Service (DoS)

libxmljs is vulnerable to a segmentation fault leading to denial-of-service DoS. The vulnerability is due to improper handling of the internal ref property in entityref and entitydecl nodes when parsing specially crafted XML documents, which allows an attacker to trigger a crash by supplying...

JLSEC-2026-158

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...

JLSEC-2026-157

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

EUVD-2026-23460

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14,, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

Security update for avahi

This update for avahi fixes the following issue: CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...