1039 matches found

Tenable Nessus
added 2026/06/12 12:0 a.m., 7 views

FreeBSD : h2o -- stack overflow serving static files on musl libc (644d5e6c-1bd9-4904-8440-16c04100a2e1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 644d5e6c-1bd9-4904-8440-16c04100a2e1 advisory. h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca...

5.5 AI score, 0.00052 EPSS
Exploits: 0, References: 3
GithubExploit
added 2026/05/31 10:8 p.m., 67 views

Software-Security-Exploits

Software Security: Privilege Escalation Attacks SEED Labs pro...

5.9 AI score
Exploits: 0
Hacker One
added 2026/05/31 5:50 p.m., 19 views

curl: curl/libcurl 8.20.0 NOPROXY bypass via uppercase-hex IPv4 aliases leaks off-proxy Basic credentials to the configured proxy

Summary: curl/libcurl 8.20.0 fails to enforce CURLOPT_NOPROXY, --noproxy, and NO_PROXY consistently for uppercase-hex IPv4 aliases such as 0X7f.1 on glibc-based systems that accept these legacy numeric IPv4 forms. When a canonical IP literal is excluded from proxying, curl sends the canonical form...

5.8 AI score
Exploits: 0
FreeBSD
added 2026/05/29 12:0 a.m., 3 views

h2o -- stack overflow serving static files on musl libc

h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca. On systems using musl libc, a large allocation can exceed the default pthread stack size and crash the server, causing a denial of service...

5.5 AI score, 0.00052 EPSS
Exploits: 0, References: 1
OPENSUSE Linux
added 2026/05/19 12:0 a.m., 5 views

Security update for glibc (important)

openSUSE security update: security update for glibc. Announcement ID: openSUSE-SU-2026:20764-1. Rating: important. References: bsc1261206 bsc1262464 bsc1262465. Cross-References: CVE-2026-4046 CVE-2026-5450 CVE-2026-5928. CVSS scores:...

8.7 CVSS, 5.9 AI score, 0.00451 EPSS
Exploits: 3, References: 3
Fedora
added 2026/05/14 12:42 a.m., 33 views

[SECURITY] Fedora 43 Update: kernel-headers-7.0.6-100.fc43

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

7.8 CVSS, 5.8 AI score, 0.03663 EPSS
Exploits: 10
GithubExploit
added 2026/05/07 2:58 a.m., 67 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Live Code Corruption via Page Cache A novel...

7.8 CVSS, 6 AI score, 0.96775 EPSS
Exploits: 227
OSV
added 2026/05/05 5:52 p.m., 3 views

CLSA-2026-1778003565 Fix CVE(s): CVE-2026-40684, CVE-2026-40685, CVE-2026-40687

SECURITY UPDATE: out-of-bounds read in DNS reverse-lookup escape decoding when running against musl libc - debian/patches/CVE-2026-40684.patch: harden string_copy_dnsdomain to consume 1, 2, or 3 digits incrementally instead of indexing past the input string when fewer than 3 digits follow a backsla...

9.8 CVSS, 6.1 AI score, 0.00373 EPSS
Exploits: 0, References: 1
NVD
added 2026/05/04 8:16 p.m., 6 views

CVE-2026-41927

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...

8.3 CVSS, 0.00396 EPSS
Exploits: 0, References: 3
AstraLinux
added 2026/05/03 11:59 p.m., 10 views

Astra Linux – Vulnerability in musl

In musl libc through 1.2.1, wcsnrtombs mishandles certain combinations of destination buffer size and source character limit, as demonstrated by an invalid write access buffer overflow...

5.5 CVSS, 7.3 AI score, 0.00644 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux – Vulnerability in musl

The musl libc version up to 1.1.23 has an x87 floating-point stack adjustment imbalance, which is related to the math/i386/ directory. In some cases, using this library may lead to out-of-bounds writes, which are not present in an application’s source code...

9.8 CVSS, 7.9 AI score, 0.02548 EPSS
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in musl

Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have an out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...

8.1 CVSS, 7.8 AI score, 0.00335 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/02 12:0 a.m., 4 views

SUSE SLES15 Security Update : glibc-livepatches (SUSE-SU-2026:1662-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1662-1 advisory. This update for glibc-livepatches fixes the following issue: Security fixes: - CVE-2026-4046: assertion failure when converting inputs may be used to...

7.5 CVSS, 5.8 AI score, 0.00357 EPSS
Exploits: 1, References: 5
SUSE Linux
added 2026/04/30 1:16 p.m., 3 views

Security update for glibc-livepatches

This update for glibc-livepatches fixes the following issue: Security fixes: CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261209. Other fixes: Fix problems with livepatches targeting libc-2.31.so instead of libc.so.6 in 15.4 bsc1263035...

8.7 CVSS, 5.2 AI score, 0.00357 EPSS
Exploits: 1, References: 6
OSV
added 2026/04/30 1:16 p.m., 3 views

SUSE-SU-2026:1662-1 Security update for glibc-livepatches

This update for glibc-livepatches fixes the following issue: Security fixes: - CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261209. Other fixes: - Fix problems with livepatches targeting libc-2.31.so instead of libc.so.6 in 15.4 bsc12630...

7.5 CVSS, 5.8 AI score, 0.00357 EPSS
Exploits: 1, References: 4
GithubExploit
added 2026/04/30 12:30 a.m., 86 views

Exploit for CVE-2026-31431

Copy Fail Tiny ELF - CVE-2026-31431 This is a minimal 801 byt...

7.8 CVSS, 5.2 AI score, 0.96775 EPSS
Exploits: 227
CNNVD
added 2026/04/30 12:0 a.m., 7 views

Exim Security Vulnerability

Exim is an open-source message transfer agent (MTA) developed by Exim Foundation and running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Prior to Exim 4.99.2, there was a security vulnerability. This vulnerability occurred due to an exception in the octal...

7.5 CVSS, 6 AI score, 0.00362 EPSS
Exploits: 0, References: 1
EUVD
added 2026/04/30 12:0 a.m., 2 views

EUVD-2026-26442

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing...

6.1 CVSS, 5.2 AI score, 0.00362 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/04/30 12:0 a.m., 50 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing...

5.9 CVSS, 0.00362 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/04/30 12:0 a.m., 4 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing...

5.9 CVSS, 5.8 AI score, 0.00362 EPSS
Exploits: 0, References: 4