Amazon Linux 2 : exiv2, --advisory ALAS2-2026-3201 (ALAS-2026-3201)

The version of exiv2 installed on the remote host is prior to 0.27.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3201 advisory. Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata...

CVE-2026-31970

A flaw was found in HTSlib, a library used for handling bioinformatics file formats. A remote attacker could exploit an integer overflow vulnerability when a user opens a specially crafted GZI GZIP Index file. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to...

[SECURITY] [DSA 6168-1] freetype security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6168-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2026 https://www.debian.org/security/faq -...

CVE-2026-31970

Summary: HTSlib’s GZI index loading path (bgzf_index_load_hfile) may overflow a heap buffer due to an integer overflow, causing a heap buffer overflow. This can crash the application, corrupt data, or potentially allow arbitrary code execution when a crafted GZI file is opened. Affected component...

UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

Summary ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent parameter and the nested depth of the input exceeds INT32MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow...

Integer Overflow or Wraparound

Overview ujson is an Ultra fast JSON encoder and decoder for Python Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the indent parameter in the dumps, dump, or encode functions. An attacker can cause a crash or infinite loop by supplying large or negative...

CLSA-2026-1773831456 openexr: Fix of CVE-2026-27622

CVE-2026-27622: fix integer overflow in CompositeDeepScanLine leading to heap buffer overflow...

pixman security update

An update is available for pixman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pixman is a pixel manipulation library for the X Window System and Cairo...

RLSA-2023:7754 Moderate: pixman security update

Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fixes: pixman: Integer overflow in pixmansamplefloory leading to heap out-of-bounds write CVE-2022-44638 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

RockyLinux 9 : pixman (RLSA-2023:7754)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7754 advisory. pixman: Integer overflow in pixmansamplefloory leading to heap out-of-bounds write CVE-2022-44638 Tenable has extracted the preceding description block directly...

Debian dsa-6168 : freetype2-demos - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6168 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6168-1 [email protected] https://www.debian.org/security/ Moritz...

HTSlib 安全漏洞

HTSlib is a C-language library file developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from the bgzfindexloadhfile function, which involves integer overflows, potentially leading to heap buffer overflows...

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

Linux Distros Unpatched Vulnerability : CVE-2025-34297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kissfftalloc in kissfft.c on platforms where sizet is 32-bit. The nfft paramete...

Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Perl could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4, XMLExternalEntityParserCreate does n...

Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...

EUVD-2026-12641

Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death BSOD. Successful...

[SECURITY] [DSA 6167-1] gst-plugins-base1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6167-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2026 https://www.debian.org/security/faq -...

CVE-2025-15584 Endpoint DLP Driver Filter Communication Port Integer Overflow

Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an integer overflow within the filter communication port, leading to a Blue-Screen-of-Death...

CVE-2025-15584

The CVE-2025-15584 entry concerns the Windows Netskope Client Endpoint DLP Module, where an integer overflow in the filter communication port is possible when the module is enabled. Successful exploitation could cause a BSOD and local denial-of-service. The description does not specify affected v...