PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010956)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010956 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stac...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-006985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006985 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011085)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011085 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6miditransmit Correctly calculate available space includin...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011338)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011338 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011400 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012960)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012960 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stac...

Security update for freeipmi (important)

openSUSE security update: security update for freeipmi ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20556-1 Rating: important References: bsc1260414 Cross-References: CVE-2026-33554 CVSS scores: CVE-2026-33554 SUSE : 7.6...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

JLSEC-2026-154

Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...

CVE-2026-26951

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this...

CVE-2026-26951

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this...

CVE-2026-26951

CVE-2026-26951 affects Dell PowerProtect Data Domain. The advisory states a stack-based buffer overflow in the product affecting: 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The vulnerability could be exploited by a high-privilege attacker with local access to achieve a...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. CVE-2026-28494: missing bounds checks in the morphology...

SUSE-SU-2026:1497-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the...

Security update for opensc

This update for opensc fixes the following issues: CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds heap...

SUSE-SU-2026:1477-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...

EUVD-2026-23786

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

curl: Stack exhaustion in MIME multipart reading with deeply nested subparts

Summary: The MIME read path uses mutually recursive helpers for nested multipart structures without enforcing a recursion depth limit. A sufficiently deep tree of nested curlmimesubparts objects causes stack exhaustion when libcurl starts reading the MIME body. The attached PoC builds a deeply...