29 matches found
Unity Linux 20.1060e / 20.1070e Security Update: cryptacular (UTSA-2026-016656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016656 advisory. CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode...
CVE-2026-44637
CVE-2026-44637 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in the parser’s image-buffer doubling loop (sixel_decode_raw_impl) occurs as context->pos_x is incremented by repeat_count with no upper bound check. When pos_x nears INT_MAX, pos_x + repeat_count overflows sign...
PT-2026-41033
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel_decode_raw_impl. context->pos_x grows by repeat_count on every sixel characte...
UBUNTU-CVE-2026-6322
fast-uri's normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the Decode function. An attacker can exhaust memory and CPU resources and cause a server crash by sending a specially crafted HTTP request containing highly compressed...
ROS-20260209-73-0007
A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...
ROS-20260209-73-0008
A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...
ROS-20260209-73-0006
A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...
CVE-2025-62348
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...
CVE-2019-16351
ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step at huffman.c...
EUVD-2013-1780
Malware in sbrugna...
CVE-2025-8760
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely...
PT-2025-28444 · Qualcomm · Snapdragon +7
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to memory corruption that occurs when executing a timestamp video decode command with large input values. Recommendations: At the moment, there is no information about a...
Vulnerability of the H5O__layout_decode() function in the H5Olayout.c file of the HDF5 library, which allows a hacker to cause a service failure.
The vulnerability of the H5O__layout_decode function in the H5Olayout.c file of the HDF5 library involves reading data beyond the memory bounds. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Decoder.Decode function in the Go programming language allows a hacker to trigger a service failure.
The vulnerability of the Decoder.Decode function in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...
AZL-43083 CVE-2024-37298 affecting package telegraf for versions less than 1.31.0-2
gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
CVE-2023-46135 Panic in SignedPayload::from_payload
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. inner_payload_len should not be above 64. This vulnerability has been patched in version 0.0.8...
Vulnerability of the LZWDecode() function (libtiff/tif_lzw.c) in the LibTIFF library, which allows a hacker to cause a service failure
The vulnerability of the LZWDecode function (libtiff/tif_lzw.c) in the LibTIFF library is related to the handling of a NULL pointer. Exploiting this vulnerability could allow an attacker to trigger a service failure using specially crafted input data...