CVE-2026-29776

FreeRDP Core Library has an integer underflow in update_read_cache_bitmap_order prior to 3.24.0. This vulnerability is network-exposed and requires user interaction with high attack complexity, per CVSS: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L. It is fixed in 3.24.0 (see GHSA advisory and related com...

CVE-2026-29776 FreeRDP has an Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

CVE-2026-29776

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

CVE-2026-29776

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

CVE-2026-29078

Lexbor CVE-2026-29078 affects the ISO-2022-JP encoder prior to version 2.7.0. The bug is caused by not resetting the temporary size variable between iterations, so ctx->buffer_used -= size with a stale size (3) underflows to SIZE_MAX. This underflow leads to memcpy called with a negative lengt...

Lexbor 缓冲区错误漏洞

Lexbor is an open-source C language library for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained a buffer error vulnerability. This vulnerability stemmed from an integer underflow in the ISO-2022-JP encoder, which could lead to out-of-bounds reading and writing...

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.24.0 contained security vulnerabilities, which were caused by integer underflow in the updatereadcachebitmaporder function...

PT-2026-25330

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-buffer used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE MAX. Afterwards, memcpy is called wit...

SUSE CVE-2026-3084

GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

Unity Linux 20.1070e Security Update: xorg-x11-server (UTSA-2026-005922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005922 advisory. A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest...

Moxa VPort Cameras Integer Underflow (CVE-2021-25849)

An integer underflow was discovered in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Moxa VPort Cameras Integer Underflow (CVE-2021-25846)

Improper validation of the ChassisID TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005424)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005424 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40eclearhw When the device sends a specific...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005595 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethashnetportnet.c The missing...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005698 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40eclearhw When the device sends a specific...

CVE-2026-27596 Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

CVE-2026-27596

The CVE-2026-27596 issue affects Exiv2 prior to 0.28.8, with an out-of-bounds read triggered in the preview component when running with extra args (e.g., -pp). The CVE is fixed in Exiv2 0.28.8; advisories note the vulnerability in both the CRW image parser and the preview path, where a 4GB offset...