11947 matches found
SUSE-SU-2026:1441-1 Security update for avahi
This update for avahi fixes the following issue: - CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235...
SUSE CVE-2026-30656
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
Unity Linux 20.1070a Security Update: libpq (UTSA-2026-007266)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007266 advisory. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocati...
CVE-2026-30656
A flaw was found in fio Flexible I/O Tester. A local user could exploit this vulnerability by providing a specially crafted job file that includes the fdppli option without an argument. This leads to a NULL pointer dereference, which occurs when the program attempts to access a memory location th...
EUVD-2026-23245
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
CVE-2026-30656
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
CLSA-2026-1776331045 binutils: Fix of 5 CVEs
CVE-2025-11082: fix heap buffer overflow in bfdelfparseehframe - CVE-2025-5244: fix NULL deref in elfgcsweep for empty SECGROUP - CVE-2025-5245: fix SEGV in debugtypesamep / debugwritetype - CVE-2025-7545: fix heap buffer issue in objcopy copysection - CVE-2025-7546: fix corrupted group section...
CVE-2026-30656
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
CVE-2026-30656
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation
Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...
CVE-2026-30656
The CVE-2026-30656 entry affects fio (Flexible I/O Tester) v3.41. A NULL pointer dereference occurs when parsing job files that contain the fdp_pli option; the callback str_fdp_pli_cb() calls strdup() on a NULL input when the option is provided without an argument, causing a segmentation fault an...
CSLE: A Reinforcement Learning Platform for Autonomous Security Management
Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007179)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007179 advisory. Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recove...
CLSA-2026-1776156000 binutils: Fix of 4 CVEs
CVE-2025-5244: fix NULL deref in elfgcsweep with empty groups - CVE-2025-5245: fix SEGV in debugtypesamep - CVE-2026-3441 CVE-2026-3442: fix out-of-bounds read in XCOFF relocation processing...
CVE-2026-22828
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large...
CVE-2026-22828
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large...
SUSE CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lysparsepath parsing...
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...