RHEL 9 : php:8.2 (RHSA-2026:1187)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1187 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in...

ROS-20260126-73-0036

A vulnerability in the f2fs component of the Linux operating system kernel is related to unchecked array indexing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-24404 iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities were caused by empty pointer dereferencing and undefined behaviors in CIccXmlArrayType, which...

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2026:0245-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0245-1 advisory. Security fixes: - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element count of packed arrays...

CLSA-2026-1769164564 php: Fix of CVE-2025-14178

CVE-2025-14178: fix heap buffer overflow in arraymerge by preventing integer overflow in precomputation of element counts...

CLSA-2026-1769164237 php: Fix of CVE-2025-14178

CVE-2025-14178: fix heap buffer overflow in arraymerge by correcting integer overflow in precomputation of element counts using zendhashnumelements...

SUSE CVE-2026-23957

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...

Security update for php7

This update for php7 fixes the following issues: Security fixes: CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE bsc1255711. Other fixes: Add all php7 packages to PackageHUB unsupported, no source changes...

EUVD-2026-3668

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...

CVE-2026-23957

Summary (CVE-2026-23957) : The vulnerability affects the Seroval library, where an attacker can cause notably increased processing time during deserialization by overriding encoded array lengths with an excessively large value. This leads to a Denial of Service condition for versions 1.4.0 and ea...

CVE-2026-23957 seroval is vulnerable to Denial of Service via array serialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...

CVE-2026-23957 seroval is vulnerable to Denial of Service via array serialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56665)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56665 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid progarray access i...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38183)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38183 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of- boun...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37857)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37857 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in stsetup...

Seroval security vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the handling of overly large array length values during deserialization, which can significantly increase processing time...

PT-2026-3920

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46859)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46859 advisory. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF...

Seroval affected by Denial of Service via Array serialization

Overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. Mitigation: Seroval no longer encodes array lengths. Instead, it computes length using Array.prototype.length during deserialization...