libcoap 安全漏洞

Libcoap is a lightweight application protocol implementation developed by ObgM. Libcoap has a security vulnerability, which stems from out-of-bounds read operations during the CBOR decapsulation processing in OSCORE Appendix B.2. This vulnerability may lead to a heap buffer overflow attack throug...

ROS-20260417-73-0050

Vulnerability in firefox related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

SUSE SLES15 / openSUSE 15 Security Update : corosync (SUSE-SU-2026:1394-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1394-1 advisory. - CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet bsc1261299. - CVE-2026-35092: Denial of...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-007393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007393 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the...

Fedora 43 : libcgif (2026-1a9f019f60)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1a9f019f60 advisory. Version 0.5.3 - Fix potential undefined behavior in cgifaddframe which could have led to an integer overflow CVE-2026-4985 Tenable has extracted the precedin...

MiniUPnP 安全漏洞

MiniUPnP is a set of UPnP tools developed by the Miniupnp project, which can be used in embedded systems. These tools enable devices in home and corporate networks to connect with each other. MiniUPnP has a security vulnerability, stemming from integer underflow in the parsing of SOAPAction...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007238)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007238 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: reject configurations that cause integer overflow Reject bogus configs where...

OpenEXR -- several integer overflow vulnerabilities

Cary Phillips reports: OpenEXR 3.4.10 is a patch release that addresses the following security vulnerabilities: CVE-2026-39886 HTJ2K Signed Integer Overflow in htundoimpl CVE-2026-40244 Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic missed variant of CVE-2026-34589...

PT-2026-33521

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007220)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007220 advisory. Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM md, raid, raid5 modules allows Forced Integer Overflow. Tenable has...

JLSEC-2026-122

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: - Calling aomimgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and...

SUSE CVE-2026-40915

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...

CVE-2026-40253

openCryptoki (PKCS#11 library) is affected in versions 3.26.0 and earlier due to BER/DER decoding in the shared asn1.c lacking a buffer length parameter and trusting BER lengths, enabling out-of-bounds reads when malformed BER objects are provided via C_CreateObject, C_UnwrapKey, token loading, o...

Foxit, LibRaw vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco 's third-party vulnerability...

libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

RLSA-2026:7682 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

openexr security update

An update is available for openexr. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file forma...

libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CLSA-2026-1776354546 jq: Fix of CVE-2024-23337

CVE-2024-23337: fix signed integer overflow in jvparraywrite and jvpobjectrehash that could lead to SEGV on growing arrays and objects...