CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

CVE-2026-0826

In CVE-2026-0826, the issue is a stack-based buffer overflow in the Poly Voice device parser for ICE SDP attributes. When ICE is enabled, parsing the a=candidate: line copies input into a 256-byte stack buffer without length checks, enabling crafted SDP to overflow and achieve unauthenticated rem...

CVE-2026-10259

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has be...

Advisory ROSA-SA-2026-3313

Component: xz 5.2.9 OS: ROSA-CHROME Unaffected versions: = xz-5.2.9-2 Affected versions: xz-5.2.9-2 CVE-ID: CVE-2026-34743 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The buffer overflow vulnerability in XZ Utils allows an attacker to cause memory corruption by using the lzmaindexdecoder...

Advisory ROSA-SA-2026-3312

Software: ffmpeg 4.4.6 OS: ROSA-CHROME Unaffected versions: = ffmpeg-4.4.6-4 Affected versions: ffmpeg-4.4.6-4 CVE-ID: CVE-2026-40962 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...

Advisory ROSA-SA-2026-3310

CVE-ID: CVE-2021-33454 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: Vulnerability related to the pointer manipulation in yasm version 1.3.0, within the function yasmexprgetintnum in libyasm/expr.c. CVE-STATUS: The vulnerability has been fixed. CVE-REVIEW: To address this vulnerability, execute...

Advisory ROSA-SA-2026-3303

Component: libpano13 2.9.20 OS: ROSA-CHROME Unaffected versions: = libpano13-2.9.20-4 Affected versions: libpano13-2.9.20-4 CVE-ID: CVE-2021-33293 BDU-ID: None CVE-Crit: CRITICAL CVE-DESCRIPTION: A vulnerability exists in Panorama Tools libpano13 v2.9.20, specifically in the panoParserFindOLine...

Advisory ROSA-SA-2026-3301

Component: libconfuse 3.3 Operating System: ROSA-CHROME Unaffected versions: = libconfuse-3.3-3 Affected versions: libconfuse-3.3-3 CVE-ID: CVE-2022-40320 BDU-ID: 2022-05795 CVE-Crit: LOW CVE-DESC.: The vulnerability in the cfgtildeexpand function of the configuration file parser library libConfu...

SUSE-SU-2026:21943-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989...

UBUNTU-CVE-2026-10231

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extractanimvalue of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

Advisory ROSA-SA-2026-3296

CVE-ID: CVE-2020-10809 BDU-ID: 2024-07119 CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in the Decompress function in the decompress.c file. This vulnerability is related to writing beyond the memory bounds. Exploitation of this vulnerability could allow an attacker to cause a service failure...

CVE-2026-10231 Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_value heap-based overflow

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extractanimvalue of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

EUVD-2026-33563

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

CVE-2026-10230

Assimp up to 6.0.4 contains a heap-based buffer overflow in the Half-Life 1 MDL Loader, specifically in HL1MDLLoader::read_animations (HL1MDLLoader.cpp). The vulnerability is local in scope and can be triggered by manipulating the affected MDL data. Public PoC exploit is referenced in the CVE rec...

Windows Server 2003 & IIS 6.0 - Remote Code Execution

Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If http://" in a PROPFIND...

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

CVE-2026-10206

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used...

PT-2026-45604

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45636

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

PT-2026-45599

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description An integer overflow in the l2c fcr clone buf function of l2c fcr.cc allows for controlled heap corruption within the privileged Bluetooth process. This issue can lead to local escalati...