CVE-2026-38427

An issue in fetchjpg in xdrv10scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read...

PT-2026-43711

An issue in fetch jpg in xdrv 10 scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16 t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually...

CVE-2026-38427

CVE-2026-38427 : In Tasmota up to 15.3.0.3, fetch_jpg() in xdrv_10_scripter.ino stores the JPEG Content-Length in a uint16_t. Values > 65535 wrap around, causing allocation of a smaller heap buffer than the data read and a heap buffer overflow. This enables a remote attacker over the network t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: This vulnerability prevents a wraparound in the schema length during the trace fill operation. The ioam6fillTraceData function stores the schema contribution to the trace length in an u8 type variable. When bit 2...

CVE-2026-31659

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

CVE-2026-31659

The CVE-2026-31659 issue affects the batman-adv component in the Linux kernel. batadv_tt_prepare_tvlv_global_data() computes a 16‑bit allocation length for a global TT response; if a remote originator advertises a large TT, the TT payload length plus VLAN offset can exceed 65,535 and wrap before ...

CVE-2026-5188

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name SAN extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989709)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989709 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0...

SUSE CVE-2018-10195

lrzsz before version 0.12.21rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a sizet to wrap around...