SUSE CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

EUVD-2026-34814

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

EUVD-2026-33944

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

ANT-2026-HN9XZXJ9 · freerdp · heap

heap-buffer-overflow medium GHSA-mpxh-8fq3-x8mh GHSA-mvpx-xj7r-3p3r GHSA-p6r2-4hgm-m6ff Severity Claude critical · Security research firm medium · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by...

BIT-TENSORFLOW-2021-29558 Heap buffer overflow in `SparseSplit`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

PYSEC-2021-486

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

PT-2021-18309 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can cause a heap buffer overflow in tf.raw ops.SparseSplit because the...

Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object without checking the bounds then calls a virtual method...