Lucene search

54356 matches found

Github Security Blog
added 2026/03/12 2:8 p.m., 6 views

ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder

An integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out of bounds write via a specially crafted image...

6.5 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits 0, References 4, Affected Software 19
OSV
added 2026/03/12 2:1 p.m., 3 views

GHSA-XG29-8GHV-V4XR ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption

A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed...

5.3 CVSS, 6 AI score, 0.00275 EPSS
Exploits 0, References 4
RedHat Linux
added 2026/03/12 1:23 p.m., 4 views

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

6.5 CVSS, 5.9 AI score, 0.00737 EPSS
Exploits 0, References 2
RedHat Linux
added 2026/03/12 1:23 p.m., 5 views

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

6.5 CVSS, 5.8 AI score, 0.00737 EPSS
Exploits 0, References 4
RedHat Linux
added 2026/03/12 1:16 p.m., 3 views

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

6.5 CVSS, 5.8 AI score, 0.00737 EPSS
Exploits 0, References 4
RedHat Linux
added 2026/03/12 1:16 p.m., 4 views

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

6.5 CVSS, 5.9 AI score, 0.00737 EPSS
Exploits 0, References 2
OSV
added 2026/03/12 10:18 a.m., 4 views

SUSE-SU-2026:0880-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.8 MFSA 2026-17 bsc1258568: - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect boundary...

10 CVSS, 5.8 AI score, 0.00622 EPSS
Exploits 0, References 39
RedHat Linux
added 2026/03/12 8:19 a.m., 2 views

firefox: thunderbird: Integer overflow in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Libraries component in NSS...

9.8 CVSS, 5.8 AI score, 0.0036 EPSS
Exploits 0, References 7
RedHat Linux
added 2026/03/12 8:19 a.m., 2 views

firefox: thunderbird: Integer overflow in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Audio/Video component...

9.8 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits 0, References 6
RedHat Linux
added 2026/03/12 8:19 a.m., 4 views

firefox: thunderbird: Integer overflow in the JavaScript: Standard Library component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the JavaScript: Standard Library component...

9.8 CVSS, 5.8 AI score, 0.00524 EPSS
Exploits 0, References 6
CNNVD
added 2026/03/12 12:0 a.m., 6 views

llama.cpp input validation error vulnerability

Llama.cpp is a multimodal model developed by Georgi Gerganov. Versions of llama.cpp prior to b8146 contained an input validation vulnerability; this vulnerability stemmed from an integer overflow in the gguf_init_from_file_impl function, which could lead to writing outside the buffer boundaries...

7.8 CVSS, 6 AI score, 0.00177 EPSS
Exploits 1, References 1
Tenable Nessus
added 2026/03/12 12:0 a.m., 2 views

Fedora 44 : libmaxminddb (2026-814fe58971)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-814fe58971 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDB_get_entry_data_list now validates that the claimed array/map size is...

6.1 AI score
Exploits 0, References 1
Tenable Nessus
added 2026/03/12 12:0 a.m., 3 views

RHEL 9 : vsftpd (RHSA-2026:4513)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4513 advisory. The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fixes: vsftpd:...

6.5 CVSS, 6 AI score, 0.00737 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/03/12 12:0 a.m., 2 views

RHEL 8 : vsftpd (RHSA-2026:4550)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4550 advisory. The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fixes: vsftpd:...

6.5 CVSS, 6 AI score, 0.00737 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/03/12 12:0 a.m., 5 views

RHEL 9 : vsftpd (RHSA-2026:4522)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4522 advisory. The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fixes: vsftpd:...

6.5 CVSS, 6 AI score, 0.00737 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/03/12 12:0 a.m., 7 views

Google Chrome < 146.0.7680.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 146.0.7680.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop10 advisory. - Use after free in WebView in Google Chrome on Android prior to 146.0.7680....

9.6 CVSS, 7 AI score, 0.00417 EPSS
Exploits 0, References 59
Tenable Nessus
added 2026/03/12 12:0 a.m., 3 views

RHEL 9 : vsftpd (RHSA-2026:4525)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4525 advisory. The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fixes: vsftpd:...

6.5 CVSS, 6 AI score, 0.00737 EPSS
Exploits 0, References 5
NVD
added 2026/03/11 10:16 p.m., 0 views

CVE-2026-3914

Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 0.00349 EPSS
Exploits 0, References 2
Debian CVE
added 2026/03/11 10:4 p.m., 4 views

CVE-2026-3914

Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 5.6 AI score, 0.00349 EPSS
Exploits 0
IBM Security Bulletins
added 2026/03/11 5:12 p.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary: Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.0. Vulnerability Details: CVEID: CVE-2025-65945. DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...

8.7 CVSS, 5.2 AI score, 0.00689 EPSS
Exploits 2, Affected Software 1