46 matches found
CVE-2026-13587
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parsebyblocktype of the file lightpcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument capturedpacketlength results in heap-based buffer overflow. It is possible to...
Linux Distros Unpatched Vulnerability : CVE-2026-53173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ethosu: fix OOB write in ethosugemcmdstreamcopyandvalidate The command stream parsing loop increments the index variable a second time when a 64-bit comma...
SUSE-SU-2026:2396-1 Security update for openssl-1_0_0
This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delt...
ALPINE-CVE-2026-42536
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
Important: gnutls
Issue Overview: A remotely triggerable underflow in the DTLS reassembly code led to a heap overrun. The issue was reported in the issue tracker as 1811 by Joshua Rogers of AISLE Research Team. CVE-2026-33845 GnuTLS didn't check that DTLS fragments claimed a consistent messagelength value...
SUSE CVE-2026-10230
A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...
CVE-2026-38427
An issue in fetchjpg in xdrv10scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read...
CVE-2026-9256
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
CLSA-2026-1779296292 httpd: Fix of 5 CVEs
CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend off-by-AJPHEADERLEN check in ajpmsgcheckheader - CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies - CVE-2026-33006: modauthdigest used non-constant-time strcmp for...
CVE-2026-32741 libheif has a heap buffer overflow in decode_mask_image()
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...
OPENSUSE-SU-2026:20755-1 Security update for openexr
This update for openexr fixes the following issues - CVE-2026-41142: integer overflow in ImageChannel: resize can lead to a heap out-of-bounds write via OpenEXRUtil public API bsc1264356. - CVE-2026-42216: missing checks in IDManifest: init can lead to out-of-bounds read during prefix expansion...
MGASA-2026-0135 Updated dnsmasq packages fix security vulnerabilities
CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...
CLSA-2026-1777999670 binutils: Fix of CVE-2025-7545
CVE-2025-7545: Fix heap-based buffer overflow in copysection caused by the --interleave option extending the output section size beyond the input section size...
Linux Distros Unpatched Vulnerability : CVE-2026-42483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code vi...
UBUNTU-CVE-2026-24450
An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
Important: gegl
Issue Overview: The rgbereadnewrle function in gegl/libs/rgbe/rgbe.c has a heap buffer overflow vulnerability during HDR image parsing that may allow remote code execution. CVE-2026-2049 When parsing an HDR image file, the function rgbereadnewrle gegl/libs/rgbe/rgbe.c contains HEAP Based Buffer...
SUSE SLED15: libpng16-16 / libpng16-16-32bit / libpng16-compat-devel / etc (SUSE-SU-2026:0597-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0597-1 advisory. - CVE-2026-25646: heap buffer overflow vulnerability in pngsetdither/pngsetquantize bsc1258020. Tenable h...
Mageia: Security Advisory (MGASA-2026-0022)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libpng: LIBPNG heap buffer overflow
A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated...
MiracleLinux 8 : libvncserver-0.9.11-9.el8.2 (AXSA:2020-247:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-247:01 advisory. libvncserver: HandleCursorShape integer overflow resulting in heap-based buffer overflow CVE-2019-15690 Tenable has extracted the preceding description block...