
5807 matches found

OSV
added 2026/04/16 10:40 a.m. | 1 view

SUSE-SU-2026:1398-1 Security update for freerdp

This update for freerdp fixes the following issues:

Security fixes:
- CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
- CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
- CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
- CVE-2026-31806: improper...

CVSS 9.8 | AI score 6.3 | EPSS 0.00532
Exploits: 5 | References: 15

F5 Networks
added 2026/04/16 2:2 a.m. | 5 views

K000160822: Perl vulnerability CVE-2026-4177

Security Advisory Description: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could rea...

CVSS 9.1 | AI score 6 | EPSS 0.00499
Exploits: 0

Tenable Nessus
added 2026/04/16 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007183)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007183 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdp_image_copy_from_icon_data (libfreerdp/codec/color.c)...

CVSS 6.9 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/15 7:23 p.m. | 2 views

CVE-2026-26184

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/15 6:59 p.m. | 2 views

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns_slurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

CVSS 5 | AI score 5.9 | EPSS 0.00167
Exploits: 0 | References: 3

EUVD
added 2026/04/14 6:30 p.m. | 2 views

EUVD-2026-22430

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.7 | EPSS 0.0024
Exploits: 0 | References: 2

NVD
added 2026/04/14 6:16 p.m. | 1 view

CVE-2026-26184

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.0024
Exploits: 0 | References: 1

NVD
added 2026/04/14 6:16 p.m. | 1 view

CVE-2026-26169

Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally...

CVSS 6.1 | EPSS 0.02418
Exploits: 0 | References: 1

Microsoft CVE
added 2026/04/14 2:0 p.m. | 3 views

Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.2 | EPSS 0.0024
Exploits: 0

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32746

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: A buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose sensitive information locally, which may affect the system. A buffer over-read occurs when a progr...

CVSS 6.1 | AI score 5.4 | EPSS 0.02418
Exploits: 0 | References: 8

Redos
added 2026/04/14 12:0 a.m. | 2 views

ROS-20260414-73-0038

A vulnerability in the dbMount function in the fs/jfs/jfs_dmap.c module of the JFS file system of the Linux operating system kernel is related to reading beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to protected information or cause a denial of...

CVSS 7.1 | AI score 6 | EPSS 0.00149
Exploits: 0

OSV
added 2026/04/14 12:0 a.m. | 4 views

UBUNTU-CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVSS 7.8 | AI score 6 | EPSS 0.00194
Exploits: 0 | References: 3

Redos
added 2026/04/14 12:0 a.m. | 3 views

ROS-20260414-73-0032

A vulnerability in the brcmf_get_assoc_ies function in the drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c module of the Broadcom wireless adapter driver of the Linux operating system kernel is related to reading beyond buffer boundaries. Exploitation of the vulnerability could allow an...

CVSS 7.1 | AI score 6 | EPSS 0.00152
Exploits: 0

AlpineLinux
added 2026/04/13 10:18 p.m. | 1 view

CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...

CVSS 6.9 | AI score 5.5 | EPSS 0.00314
Exploits: 1 | References: 2

Debian CVE
added 2026/04/13 10:18 p.m. | 3 views

CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...

CVSS 6.9 | AI score 5.4 | EPSS 0.00314
Exploits: 1

OSV
added 2026/04/10 6:29 p.m. | 1 view

OPENSUSE-SU-2026:20512-1 Security update for pcre2

This update for pcre2 fixes the following issue: - CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842)...

CVSS 9.1 | AI score 7.4 | EPSS 0.00668
Exploits: 1 | References: 2

OSV
added 2026/04/10 6:27 p.m. | 3 views

SUSE-SU-2026:21094-1 Security update for pcre2

This update for pcre2 fixes the following issue: - CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842)...

CVSS 9.1 | AI score 5.9 | EPSS 0.00668
Exploits: 1 | References: 3

EUVD
added 2026/04/10 12:30 a.m. | 2 views

EUVD-2026-21218

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

CVSS 2.1 | AI score 6 | EPSS 0.00228
Exploits: 0 | References: 2

Snyk
added 2026/04/09 11:8 p.m. | 5 views

Buffer Over-read

Overview: Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 2

OSV
added 2026/04/09 10:16 p.m. | 1 view

DEBIAN-CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

CVSS 5.3 | AI score 5.4 | EPSS 0.00228
Exploits: 0 | References: 1