65978 matches found

Cvelist
added 2026/03/30 7:47 a.m., 42 views

CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVSS 7.5, EPSS 0.00055
Exploits: 0, References: 36

Debian CVE
added 2026/03/30 7:47 a.m., 3 views

CVE-2026-5121

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVSS 9.8, AI score 6.7, EPSS 0.00055
Exploits: 0

Vulnrichment
added 2026/03/30 7:5 a.m., 2 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7, AI score 6, EPSS 0.00072
Exploits: 0, References: 5

ATTACKERKB
added 2026/03/30 7:5 a.m., 5 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7, AI score 6, EPSS 0.00072
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2026/03/30 7:5 a.m., 23 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7, EPSS 0.00072
Exploits: 0, References: 5

CVE
added 2026/03/30 7:5 a.m., 11 views

CVE-2026-3945

Tinyproxy (up to 1.11.3) contains an integer overflow in the HTTP chunked transfer encoding parser. Chunk sizes are parsed with strtol() without proper overflow validation, allowing a crafted size (e.g., LONG_MAX) to bypass checks and overflow arithmetic (chunklen + 2). This can cause the proxy t...

CVSS 8.7, AI score 6, EPSS 0.00072
Exploits: 0, References: 5

Debian CVE
added 2026/03/30 7:5 a.m., 6 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7, AI score 5.6, EPSS 0.00072
Exploits: 0

IBM Security Bulletins
added 2026/03/30 7:1 a.m., 5 views

Security Bulletin: IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541.

Summary IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 to before...

CVSS 7.5, AI score 5.7, EPSS 0.00023
Exploits: 1, Affected Software: 1

Zero Day Initiative
added 2026/03/30 12:0 a.m., 5 views

(Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, AI score 6.2, EPSS 0.00082
Exploits: 0, References: 1

Packet Storm News
added 2026/03/30 12:0 a.m., 2 views

Apple Security Advisory 03-24-2026-4

Apple Security Advisory 03-24-2026-4 - macOS Sequoia 15.7.5 addresses information leakage, integer overflow, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

CVSS 9.3, AI score 5.8, EPSS 0.00215
Exploits: 4

CNNVD
added 2026/03/30 12:0 a.m., 5 views

Tinyproxy security vulnerability

Tinyproxy is a small, efficient HTTP/SSL proxy daemon developed by Tinyproxy. Versions of Tinyproxy 1.11.3 and earlier contain security vulnerabilities, which stem from integer overflows in the HTTP chunked transmission encoding parser, potentially leading to denial-of-service attacks...

CVSS 8.7, AI score 5.8, EPSS 0.00072
Exploits: 0, References: 6

Packet Storm News
added 2026/03/30 12:0 a.m., 2 views

Apple Security Advisory 03-24-2026-5

Apple Security Advisory 03-24-2026-5 - macOS Sonoma 14.8.5 addresses information leakage, integer overflow, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

CVSS 9.3, AI score 5.8, EPSS 0.00215
Exploits: 3

Anthropic
added 2026/03/29 8:43 p.m., 6 views

ANT-2026-EBDTPNVH · jq · Heap Buffer Overflow

heap-buffer-overflow medium CVE-2026-32316 Severity Claude medium · Security research firm medium · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Trail of Bits. ANT-2026-EBDTPNVH: Integer...

CVSS 8.2, AI score 6, EPSS 0.00025
Exploits: 1

Anthropic
added 2026/03/29 8:42 p.m., 5 views

ANT-2026-ZZY4987K · wolfSSL · integer-overflow

integer-overflow high CVE-2026-5477 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview SECURITY RESEARCH FIRM ANALYSIS Triage and disclosure were performed by Calif. Verdict: true positive Severity: high TIMELINE Dates from discovery through publ...

CVSS 8.2, AI score 5.8, EPSS 0.00038
Exploits: 0

RedhatCVE
added 2026/03/29 7:31 a.m., 0 views

CVE-2026-4985

A flaw was found in dloebl CGIF, a GIF image handler component. A remote attacker could exploit an integer overflow vulnerability by manipulating the width or height arguments when adding a frame. This could lead to a denial of service (DoS), making the affected system or application unavailable...

CVSS 5.3, AI score 5.9, EPSS 0.00017
Exploits: 0, References: 2

Mageia
added 2026/03/29 12:55 a.m., 9 views

Updated strongswan packages fix security vulnerability

strongSwan 4.5.0 6.0.5 EAP-TTLS AVP Parsing Integer Underflow. CVE-2026-25075...

CVSS 8.7, AI score 5.8, EPSS 0.00248
Exploits: 2, References: 4

OSV
added 2026/03/29 12:55 a.m., 6 views

MGASA-2026-0073 Updated python-ujson packages fix security vulnerabilities

CVE-2026-32874 ujson 5.4.0 to 5.11.0 inclusive contains an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent which leads to a buffer overflow or infinite loop...

CVSS 7.5, AI score 6.1, EPSS 0.00077
Exploits: 1, References: 4

OSV
added 2026/03/29 12:55 a.m., 3 views

MGASA-2026-0072 Updated strongswan packages fix security vulnerability

strongSwan 4.5.0 6.0.5 EAP-TTLS AVP Parsing Integer Underflow. CVE-2026-25075...

CVSS 8.7, AI score 5.8, EPSS 0.00248
Exploits: 2, References: 5

Tenable Nessus
added 2026/03/29 12:0 a.m., 5 views

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20427-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20427-1 advisory. Changes in chromium: - Chromium 146.0.7680.164 boo1260376 CVE-2026-4673: Heap buffer overflow in WebAudio CVE-2026-4674: Out of bounds read in C...

CVSS 8.8, AI score 7.6, EPSS 0.00065
Exploits: 0, References: 17

Tenable Nessus
added 2026/03/29 12:0 a.m., 4 views

openSUSE 16 Security Update : exiv2 (openSUSE-SU-2026:20410-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20410-1 advisory. Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service...

CVSS 9.8, AI score 6.2, EPSS 0.01101
Exploits: 3, References: 27