capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

LibRaw security update

An update is available for LibRaw. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibRaw is a library for reading RAW files obtained from digital photo cameras...

RLSA-2026:13284 Important: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: LibRaw: Memory Corruption via Malicious File Processing CVE-2026-24660 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG...

PT-2026-37816

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux parse theora extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

RHEL 9 : firefox (RHSA-2026:13922)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13922 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng:...

RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

RockyLinux 9 : golang (RLSA-2026:10219)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10219 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

RockyLinux 8 : go-toolset:rhel8 (RLSA-2026:10704)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10704 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

PT-2026-37984

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

PT-2026-38276

Name of the Vulnerable Software and Affected Versions JupyterLab versions prior to 4.5.7 Jupyter Notebook versions prior to 7.5.6 Description The HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements. Because CommandLinker listens for all click events...

PT-2026-37775

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

AlmaLinux 10 : systemd (ALSA-2026:13651)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:13651 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

RHEL 10 : golang (RHSA-2026:10217)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10217 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow...

Google Android ADB Authentication Bypass Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

PT-2026-37648

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection affected versions not specified Description Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved...

PT-2026-37778

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Cisco Unity Connection（UC） 安全漏洞

Cisco Unity Connection UC is a voice messaging platform developed by the American company Cisco. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection UC, which stems from insufficient user input...

PT-2026-37776

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

PT-2026-38023

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux parse theora extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

PT-2026-37982

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...