CVE-2026-10047 Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Ipados

No d...

CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

CLSA-2026-1778260679 vim: Fix of 7 CVEs

CVE-2021-3875: fix mlget error after search with range; clamp ea-line2 to the buffer length in getaddress so out-of-range addresses do not produce an out-of-bounds read exdocmd.c, upstream patch 8.2.3489 - CVE-2022-4293: fix crash when dividing the largest negative integer by -1 in numdivide;...

PT-2026-37606

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the GHES/CPER logic of the Linux kernel regarding the handling of ARM processor CPER records. The system fails to detect when the section length is excessively large. ...

Astra Linux - уязвимость в open-iscsi

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by...

php: Fix of 4 CVEs

CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...

CVE-2026-31708 smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

JLSEC-2026-288 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo...

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0...

CVE-2026-41907

The CVE affects the uuid implementation used to create RFC9562 UUIDs. Prior to version 14.0.0, v3, v5, and v6 allow silent partial writes by accepting external output buffers without rejecting out-of-range writes (small buffers or large offsets), enabling potential corruption of caller-provided b...

CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided

uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided

uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

EUVD-2026-25515

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...

GHSA-QMQ6-F8PR-CX5X Duplicate Advisory: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5hq-g745-h8pq. This link is maintained to preserve external references. Original Advisory uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...

Duplicate Advisory: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5hq-g745-h8pq. This link is maintained to preserve external references. Original Advisory uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...

GHSA-W5HQ-G745-H8PQ uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary The v3, v5, and v6 API methods not uuid release versions accept external output buffers but do not reject out-of-range writes small buf or large offset. By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary The v3, v5, and v6 API methods not uuid release versions accept external output buffers but do not reject out-of-range writes small buf or large offset. By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006988)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006988 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006895)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006895 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usbparsessendpointcompanion...