CVE-2026-5450

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

Race Condition in GNU Sed

...

SUSE CVE-2026-5358

REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache...

SUSE CVE-2026-5450

Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...

PT-2026-34513

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of and '. However, the uutils implementation incorrectl...

UBUNTU-CVE-2026-5358

The obsolete nislocalprincipal function in the GNU C Library version...

PT-2026-43136

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description A weakness in the Dwggrep Utility component allows an out-of-bounds read, which occurs when the system accesses memory outside the intended boundary of a buffer. This issue is located in the bit...

PT-2026-43126

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description The decompress R2004 section function within the src/decode.c file of the Dwgread Utility contains an uncontrolled reachable assertion. This issue allows a local attacker to cause a denial of...

Linux Distros Unpatched Vulnerability : CVE-2026-6861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS...

PT-2026-34449

Name of the Vulnerable Software and Affected Versions GNU Emacs affected versions not specified Description A memory corruption issue exists when processing specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to op...

PT-2026-34511

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to string lossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

Linux Distros Unpatched Vulnerability : CVE-2026-35378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the...

DEBIAN-CVE-2026-5358

The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application...

Linux Distros Unpatched Vulnerability : CVE-2026-5358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to...

Linux Distros Unpatched Vulnerability : CVE-2026-5450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an...

Linux Distros Unpatched Vulnerability : CVE-2026-5928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character...

EUVD-2026-23980

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

EUVD-2026-23977

The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application...

EUVD-2026-23978

Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...

CVE-2026-5928

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...