squid: Fix of 3 CVEs

CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...

Wazuh 安全漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.8.0 to 4.14.4 contained security vulnerabilities. These...

CVE-2026-36837

CVE-2026-36837 affects TOTOLINK A3002RU V3

PT-2026-35947

Name of the Vulnerable Software and Affected Versions SonicOS affected versions not specified Description A post-authentication stack-based buffer overflow allows a remote attacker to crash a firewall. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the...

FreeBSD-SA-26:14.pf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:14.pf Security Advisory The FreeBSD Project Topic: pf can overflow the stack parsing crafted SCTP packets Category: core Module: pf Announced: 2026-04-29...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

PT-2026-36009

Name of the Vulnerable Software and Affected Versions FreeBSD dhclient affected versions not specified Description The FreeBSD DHCP client fails to escape embedded double-quotes when writing the BOOTP file field to the lease file. This allows a rogue DHCP server on the same network to inject...

FreeBSD-SA-26:16.libnv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:16.libnv Security Advisory The FreeBSD Project Topic: Stack overflow via select file descriptor set overflow Category: core Module: libnv Announced:...

TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. Versions of TOTOLINK A3002RU such as V3.0.0-B20220304.1804 and earlier contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the hostname parameter within the...

PT-2026-36011

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

PT-2026-35922

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU V3 versions prior to V3.0.0-B20220304.1804 Description A stack-based buffer overflow exists in the formMapDelDevice function. This issue occurs via the hostname parameter. A stack-based buffer overflow is a condition where a...

Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015467 advisory. A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c...

PT-2026-36008

Name of the Vulnerable Software and Affected Versions libnv affected versions not specified Description When exchanging data over a socket, the software uses the select function to wait for data. It fails to verify if the provided socket descriptor exceeds the file descriptor set size limit of FD...

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a stack buffer overflow issue after authentication. This vulnerability may allow...

Allok Video Converter 安全漏洞

Allok Video Converter is a video encoding tool developed by Allok Corporation. Version 2.6.1217 of Allok Video Converter contains a security vulnerability. This vulnerability stems from a stack-based buffer overflow issue, which could allow local attackers to overwrite execution code by triggerin...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

PT-2026-36010

Name of the Vulnerable Software and Affected Versions dhclient affected versions not specified Description When building an environment to pass to dhclient-script, the software may resize the array of string pointers. The code responsible for expanding this array incorrectly calculates the new...

FreeBSD Security Advisory - FreeBSD-SA-26:14.pf

FreeBSD Security Advisory - Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic...

PT-2026-36007

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description When processing the header of an incoming message, libnv fails to properly validate the message size. This lack of validation allows a malicious program to write outside the bounds of a heap...

EUVD-2026-26230

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...