SUSE-SU-2026:20940-1 Security update for net-tools

This update for net-tools fixes the following issues: - Fix stack buffer overflow in parsehex bsc1248687, GHSA-h667-qrp8-gj58. - Fix stack-based buffer overflow in procgenfmt bsc1248687, GHSA-w7jq-cmw2-cq59. - Avoid unsafe memcpy in ifconfig bsc1248687. - Prevent overflow in ax25 and netrom...

CVE-2026-32707

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

RHEL 9 : kernel (RHSA-2026:4745)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4745 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: RDMA/rxe: Fix the qp flush...

CVE-2026-32707

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

CVE-2026-32707

CVE-2026-32707 affects PX4 Autopilot with the tattu_can module. A stack buffer overflow results from an unbounded memcpy in the multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In affected deployments where tattu_can is enabled, a CAN-injection cap...

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

PT-2026-25390

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu can is enabled and running, a CAN-injection-capabl...

EUVD-2026-10373

ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays...

CLSA-2026-1773048865 kernel: Fix of 53 CVEs

xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...

Moxa VPort Cameras Integer Underflow (CVE-2021-25846)

Improper validation of the ChassisID TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit...

ROS-20260306-73-0024

A vulnerability in the memcpy function of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005569 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace...

SUSE-SU-2026:20555-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation bsc1253344. - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer...

AZL-79502 CVE-2026-28364 affecting package ocaml 4.13.1-2

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...

CVE-2026-28364

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...

EUVD-2026-8868

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

CVE-2026-23747

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

CVE-2026-23747 Golioth Firmware SDK < 0.22.0 Payload Utils Stack-based Buffer Overflow

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

PT-2026-22166

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth payload as int and golioth payload as float helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived...

AlmaLinux 9 : kernel (ALSA-2026:2722)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2722 advisory. kernel: ntbhwswitchtec: Fix shift-out-of-bounds in switchtecntbmwsettrans CVE-2023-53034 kernel: smc: Fix use-after-free in pnetfindbasendev CVE-2025-4006...