461 matches found
CVE-2026-57074
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...
CVE-2026-57073
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...
EUVD-2026-44966
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...
EUVD-2026-44965
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...
perl-XML-LibXML security update
An update is available for perl-XML-LibXML. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...
RLSA-2026:39553 Important: perl-XML-LibXML security update
This module implements a Perl interface to the GNOME libxml2 library which provides interfaces for parsing and manipulating XML files. This module allows Perl programmers to make use of the highly capable validating XML parser and the high performance DOM implementation. Security Fixes:...
Important: Red Hat Security Advisory: perl-XML-LibXML security update
An update for perl-XML-LibXML is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names
A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and...
Important: Red Hat Security Advisory: perl-XML-LibXML security update
An update for perl-XML-LibXML is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
aardvark-dns security update
An update is available for aardvark-dns. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Authoritative DNS server for A/AAAA container records Forwards other...
PT-2026-57295
Name of the Vulnerable Software and Affected Versions FreeRDP versions 3.21.0 through 3.27.0 Description FreeRDP clients using the GFX pipeline contain an incomplete fix in the planar decompress plane rle only function within libfreerdp/codec/planar.c. This allows a malicious RDP server to send a...
aardvark-dns security update
An update is available for aardvark-dns. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Authoritative DNS server for A/AAAA container records Forwards other...
kernel: smb/client: fix out-of-bounds read in smb2_compound_op()
A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...
ALSA-2026:36782 Moderate: aardvark-dns security update
Authoritative DNS server for A/AAAA container records Forwards other request to configured resolvers. Read more about configuration in src/backend/mod.rs. Security Fixes: aardvark-dns: Aardvark-dns: Denial of Service via truncated TCP DNS query and connection reset CVE-2026-35406 For more details...
aardvark-dns: Aardvark-dns: Denial of Service via truncated TCP DNS query and connection reset
A flaw was found in aardvark-dns where a specially crafted TCP DNS query followed by a connection reset can trigger an infinite error loop, leading to 100% CPU usage and a denial of service. As aardvark-dns is only accessible via internal Podman networks, this issue can be exploited by a local...
Moderate: Red Hat Security Advisory: aardvark-dns security update
An update for aardvark-dns is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
kernel: smb/client: fix out-of-bounds read in smb2_compound_op()
A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...
OESA-2026-2833 python-zeroconf security update
Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...
OPENSUSE-SU-2026:21076-1 Security update for giflib
This update for giflib fixes the following issue - CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GCE block with a truncated extension byte count bsc1259836...
CVE-2026-58058
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...