
3627 matches found

EUVD
added 2026/03/25 12:32 a.m., 13 views

EUVD-2026-15151

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service...

CVSS 7.5, AI score 6.1, EPSS 0.00484
Exploits: 0, References: 1
Positive Technologies
added 2026/03/25 12:0 a.m., 7 views

PT-2026-27582

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory...

AI score 6.1, EPSS 0.00534
Exploits: 1, References: 2
Positive Technologies
added 2026/03/25 12:0 a.m., 12 views

PT-2026-27595

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service...

AI score 6.1, EPSS 0.00484
Exploits: 0, References: 2
SUSE Linux
added 2026/03/24 6:34 a.m., 3 views

Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.173 fixes various security issues. The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...

CVSS 8.7, AI score 6.7, EPSS 0.00267
Exploits: 0, References: 40
Positive Technologies
added 2026/03/24 12:0 a.m., 3 views

PT-2026-27561

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7.5; macOS versions prior to 14.8.5; macOS versions prior to 26.4. Description: An issue involving an out-of-bounds write was identified and addressed through improved bounds checking. This flaw could potentially allow a...

CVSS 7.1, AI score 5.7, EPSS 0.00364
Exploits: 0, References: 11
Positive Technologies
added 2026/03/24 12:0 a.m., 9 views

PT-2026-27606

Name of the Vulnerable Software and Affected Versions: Xcode versions prior to 26.4. Description: An out-of-bounds read issue was identified and addressed through improved bounds checking. This flaw could allow an application to trigger unexpected system termination. Recommendations: Update to Xcode...

CVSS 5.5, AI score 5.9, EPSS 0.00103
Exploits: 0, References: 5
Apple
added 2026/03/24 12:0 a.m., 16 views

About the security content of visionOS 26.4

This document describes the security content of visionOS 26.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 9.3, AI score 6.7, EPSS 0.00865
Exploits: 4, References: 1, Affected Software: 1
Positive Technologies
added 2026/03/24 12:0 a.m., 4 views

PT-2026-27567

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7.5; macOS versions prior to Sonoma 14.8.5; macOS versions prior to Tahoe 26.4. Description: An out-of-bounds read issue existed due to insufficient bounds checking. This could allow an application to disclose...

CVSS 8.4, AI score 5.7, EPSS 0.00196
Exploits: 0, References: 7
RedHat Linux
added 2026/03/23 2:35 a.m., 1 view

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

CVSS 7.8, AI score 7.7, EPSS 0.00191
Exploits: 1, References: 6
OSV
added 2026/03/20 2:41 p.m., 8 views

CLSA-2026-1774017701 postgresql: Fix of CVE-2026-2006

CVE-2026-2006: fix missing validation of multibyte character length in text manipulation; add proper length checks and bounds validation; prevent crafted queries from triggering buffer overrun and enabling arbitrary code execution...

CVSS 8.8, AI score 6.4, EPSS 0.00659
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/18 12:0 a.m., 2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : libssh vulnerability (USN-8093-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8093-1 advisory. It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a...

CVSS 7.5, AI score 6.1, EPSS 0.00631
Exploits: 0, References: 2
OSV
added 2026/03/16 10:57 a.m., 5 views

USN-8093-1 libssh vulnerability

It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a client application queried extension data out of bounds, it could cause the application to crash, resulting in a denial of service, or exhibit unintended behavior...

CVSS 7.5, AI score 7.1, EPSS 0.00631
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/13 5:40 p.m., 12 views

CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...

CVSS 9.3, AI score 6.3, EPSS 0.00532
Exploits: 1, References: 3, Affected Software: 1
RedHat Linux
added 2026/03/12 8:52 a.m., 4 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read...

CVSS 9.1, AI score 5.9, EPSS 0.00471
Exploits: 1, References: 6
CNNVD
added 2026/03/10 12:0 a.m., 10 views

Google Pixel security vulnerability

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from incorrect bounds checking, leading to out-of-bounds writes and potentially allowing for remote code execution...

CVSS 9.8, AI score 6.1, EPSS 0.00306
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:0 a.m., 5 views

Google Pixel security vulnerability

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from incorrect bounds checking, leading to out-of-bounds writes and potentially allowing for remote code execution...

CVSS 9.8, AI score 6.1, EPSS 0.00306
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/06 12:0 a.m., 4 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : GIMP vulnerabilities (USN-8075-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8075-1 advisory. Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on...

CVSS 7.8, AI score 6.1, EPSS 0.06312
Exploits: 1, References: 6
Ubuntu
added 2026/03/04 5:42 p.m., 9 views

USN-8075-1: GIMP vulnerabilities

Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on 32-bit systems. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS...

CVSS 7.8, AI score 6.2, EPSS 0.06312
Exploits: 1
Tenable Nessus
added 2026/03/04 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005511)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005511 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry. Add a paranoia check to make sure it doesn't...

CVSS 7.8, AI score 6.8, EPSS 0.00239
Exploits: 0, References: 3
Microsoft CVE
added 2026/02/28 9:4 a.m., 4 views

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

...

CVSS 7.9, AI score 5.8, EPSS 0.00182
Exploits: 0