5779 matches found
SUSE-SU-2026:0689-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. - CVE-2026-2443: out-of-bounds read when processing specially...
EUVD-2026-8988
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
AZL-79502 CVE-2026-28364 affecting package ocaml 4.13.1-2
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
CVE-2026-28364
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
CVE-2026-28364
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
CVE-2026-28364
CVE-2026-28364 affects OCaml runtimes prior to 4.14.3 and 5.x prior to 5.4.1. The issue is a buffer over-read in Marshal deserialization (runtime/intern.c) caused by missing bounds validation in readblock(), which uses unbounded memcpy() calls with attacker-controlled lengths from crafted Marshal...
CVE-2026-28364
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
CVE-2026-28364
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...
EUVD-2026-8867
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payloadsize value less than 2 can cause a sizet underflow when computing the number of bytes to copy nbytes. The...
SUSE-SU-2026:0658-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. - CVE-2026-2443: out-of-bounds read when processing specially...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-32049: denial of Service attack to websocket server bsc1240751. CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. CVE-2026-2443: out-of-bounds read when processing specially crafted...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-32049: denial of Service attack to websocket server bsc1240751. CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. CVE-2026-2443: out-of-bounds read when processing specially crafted...
SUSE-SU-2026:0657-1 Security update for libsoup2
This update for libsoup2 fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. - CVE-2026-2443: out-of-bounds read when processing specially...
CVE-2026-27798
A flaw was found in ImageMagick. A local user could exploit a heap buffer over-read vulnerability by processing a specially crafted image with small dimensions using the -wavelet-denoise operator. This vulnerability may lead to the disclosure of sensitive information. Mitigation To reduce exposur...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
Summary There are multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows. All platforms are affected, and all previous versions may also be affected. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: In Eclipse OpenJ9 release versions prior to 0.44...
CVE-2026-27798
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-40...
CVE-2026-26271
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdpimagecopyfromicondata libfreerdp/codec/color.c can be triggered by crafted RDP Window Icon TSICONINFO data. The bug is reachable over the network when a client processes icon data...
CVE-2026-26271
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdpimagecopyfromicondata libfreerdp/codec/color.c can be triggered by crafted RDP Window Icon TSICONINFO data. The bug is reachable over the network when a client processes icon data...
UBUNTU-CVE-2026-26271
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdpimagecopyfromicondata libfreerdp/codec/color.c can be triggered by crafted RDP Window Icon TSICONINFO data. The bug is reachable over the network when a client processes icon data...
CVE-2026-26271
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdpimagecopyfromicondata libfreerdp/codec/color.c can be triggered by crafted RDP Window Icon TSICONINFO data. The bug is reachable over the network when a client processes icon data...