Crypt::OpenSSL::PKCS12 缓冲区错误漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides interface calls to the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained a buffer error vulnerability. This vulnerability arises wh...

PostgreSQL server undersizes allocations, via integer wraparound

...

libyang: lyb_read_string() integer overflow → heap buffer overflow

...

CLSA-2026-1778895374 Fix CVE(s): CVE-2026-7598

SECURITY UPDATE: Fix integer overflow in userauthpassword usernamelen/passwordlen bounds checks - debian/patches/CVE-2026-7598.patch: Fix integer overflow in userauthpassword usernamelen/passwordlen bounds checks - CVE-2026-7598...

SUSE CVE-2026-42308

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

SUSE CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

SUSE CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

SUSE CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

Chromium: CVE-2026-8577 Integer overflow in Fonts

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8573 Integer overflow in Codecs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8567 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8559 Integer overflow in Internationalization

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8532 Integer overflow in XML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8519 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium) < 148.0.3967.70 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 148.0.3967.70. It is, therefore, affected by multiple vulnerabilities as referenced in the May 15, 2026 advisory. - Microsoft Edge Chromium-based Remote Code Execution Vulnerability CVE-2026-45495 - Improper input...

openSUSE 16 Security Update : ffmpeg-4 (openSUSE-SU-2026:20726-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20726-1 advisory. Changes in ffmpeg-4: - CVE-2026-40962: Fixed inadequate CENC subsample bounds checks that could lead to an integer overflow bsc1262237. Tenable has...

[SECURITY] [DSA 6277-1] openjpeg2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6277-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2026 https://www.debian.org/security/faq -...

CVE-2026-44673

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

CVE-2026-42308

A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceeding large amount, an integer overflow can occur when Pillow tracks the current position. This could lead to a denial of service DoS condition, making the application unavailable. Mitigation To...

CVE-2026-6664

A flaw was found in PgBouncer. An integer overflow in the network packet parsing code allows an unauthenticated remote attacker to bypass a boundary check by sending a malformed SCRAM authentication packet. This can lead to a crash, resulting in a Denial of Service DoS for the PgBouncer instance...