5778 matches found
K000160822: Perl vulnerability CVE-2026-4177
Security Advisory Description: YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could rea...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007183)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007183 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdp_image_copy_from_icon_data (libfreerdp/codec/color.c)...
CVE-2026-26184
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...
CVE-2026-40917
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns_slurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...
EUVD-2026-22430
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...
CVE-2026-26169
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally...
Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...
UBUNTU-CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
ROS-20260414-73-0032
A vulnerability in the brcmf_get_assoc_ies function in the drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c module of the Broadcom wireless adapter driver of the Linux operating system kernel is related to reading beyond buffer boundaries. Exploitation of the vulnerability could allow an...
ROS-20260414-73-0038
A vulnerability in the dbMount function in the fs/jfs/jfs_dmap.c module of the JFS file system of the Linux operating system kernel is related to reading beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to protected information or cause a denial of...
PT-2026-32746
🪟 CVE-2026-26169 is basically Microsoft saying “trust us, but we’re also grading our certainty.” The confidence level matters more than the drama—patch accordingly, don’t vibes-only it. https://t.co/uG2R89X9Vj WindowsKernel InformationDisclosure SecurityUpdateGuide...
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...
OPENSUSE-SU-2026:20512-1 Security update for pcre2
This update for pcre2 fixes the following issue: - CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842)...
SUSE-SU-2026:21094-1 Security update for pcre2
This update for pcre2 fixes the following issue: - CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842)...
EUVD-2026-21218
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...
CVE-2026-5772
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...
DEBIAN-CVE-2026-5772
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...