CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

CVE-2026-28525

SWUpdate contains an integer underflow in the multipart upload parser (mongoose_multipart.c) that enables unauthenticated remote denial of service. An attacker can trigger an underflow in mg_http_multipart_continue_wait_for_chunk() by sending a crafted HTTP POST to /upload with a malformed multip...

CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVE-2026-33999

CVE-2026-33999 affects the X.Org X server, specifically an integer underflow in the XKB compatibility map handling, allowing a local or remote X11 server user to trigger a buffer read overrun. The result is memory-safety violations and potential DoS or other impacts as described in the connected ...

CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

PT-2026-34748

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

X.Org X Server 数字错误漏洞

X.Org X Server is an X Window system display server developed by the X.Org Foundation. X.Org X Server has a numerical error vulnerability, which stems from integer underflow in the XKB compatibility mapping process. This vulnerability may allow attackers to trigger a buffer overflow, leading to...

SWUpdate 缓冲区错误漏洞

SWUpdate is an embedded Linux system update tool developed by Stefano Babic. SWUpdate has a buffer error vulnerability, which stems from an integer underflow in the multipart upload parser in the mongoosemultipart.c file. This vulnerability allows unauthenticated attackers to cause...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libexif (UTSA-2026-014285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014285 advisory. libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten du...

CVE-2026-35330

Integer Underflow When Handling EAP-SIM/AKA Attributes...

CVE-2026-35333

Integer Underflow When Handling RADIUS Attributes...

UBUNTU-CVE-2026-35333

Integer Underflow When Handling RADIUS Attributes...

UBUNTU-CVE-2026-35330

Integer Underflow When Handling EAP-SIM/AKA Attributes...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013816)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013816 advisory. In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is n...

JLSEC-2026-163

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service schemainit.c serialNumberAndIssuerCheck...

JLSEC-2026-170

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011315 advisory. In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is n...