Lexbor 缓冲区错误漏洞

Lexbor is an open-source C language library for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained a buffer error vulnerability. This vulnerability stemmed from an integer underflow in the ISO-2022-JP encoder, which could lead to out-of-bounds reading and writing...

SUSE CVE-2026-3084

GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

Unity Linux 20.1070e Security Update: xorg-x11-server (UTSA-2026-005922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005922 advisory. A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest...

Moxa VPort Cameras Integer Underflow (CVE-2021-25846)

Improper validation of the ChassisID TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit...

Moxa VPort Cameras Integer Underflow (CVE-2021-25849)

An integer underflow was discovered in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005424)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005424 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40eclearhw When the device sends a specific...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005698 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40eclearhw When the device sends a specific...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005595 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c The missing...

CVE-2026-27596 Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

CVE-2026-27596

Exiv2 (C++ library/CLI for EXIF/IPTC/XMP metadata) has a vulnerability in the preview component (triggered with an extra command-line arg such as -pp) where an integer underflow in LoaderNative::getData() leads to a heap buffer overflow. This affects versions prior to 0.28.8 and typically causes ...

CVE-2026-27596 Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

SUSE-SU-2026:0703-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. -...

CVE-2026-27710

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...

CVE-2026-27710

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...

CVE-2026-27710

CVE-2026-27710 affects NanaZip prior to fixed versions 6.0.1638.0 and 6.5.1638.0, where the ".NET Single File Application" parser is vulnerable to a denial-of-service due to an integer underflow in header-size calculation, which can trigger an unbounded memory allocation when opening a crafted bu...

CVE-2026-27710 NanaZip .NET Single-File Parser Integer Underflow Leads to Unbounded Allocation (DoS)

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions 3.3.0 to 3.3.6 and 3.4.0 to 3.4.4 of OpenEXR contain security vulnerabilities. These vulnerabilities stem from integer underflow during the parsing of malformed EXR...

CVE-2025-14547

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...