5114 matches found
PT-2026-47106
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as...
PT-2026-43273
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A stack-based buffer overflow exists in the BGP NLRI Network Layer Reachability Information decoder. The function decode bgp subnet encoding ipv4 raw in src/bgp protocol.cpp rea...
PT-2026-46875
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv 422sp to 420p ihevcd fmt conv ihevcd decode...
EUVD-2026-31745
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...
PT-2026-46106
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd process thread start thread...
PT-2026-45894
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd decode ihevcd cxa api function...
DEBIAN-CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
UBUNTU-CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
EUVD-2026-31449
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
Incorrect Type Conversion or Cast
Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...
GO-2026-5026 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
SUSE CVE-2026-44070
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from creating ed25519.PrivateKey by forced conversion of format-errorsed bytes in the...
CVE-2026-44070
A flaw was found in Netatalk. An attacker with low privileges could exploit an unbounded reallocation realloc vulnerability during charset conversion. This could lead to a Denial of Service DoS due to excessive memory consumption...
CVE-2026-44070
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
EUVD-2026-31217
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...