SUSE SLED15 / SLES15 Security Update : postgresql17 (SUSE-SU-2026:1943-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1943-1 advisory. This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: -...

SUSE-SU-2026:1944-1 Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...

BIT-JAVA-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: Add a upper bound on maxvclocks syzbot reported WARNING in maxvclocksstore. This occurs when the argument max is too large for kcalloc to handle. Extend the guard to guard against values that are too large for kcalloc...

CVE-2026-2271 Gimp: gimp: denial of service via crafted psp image file

A flaw was found in GIMP's PSP Paint Shop Pro file parser. A remote attacker could exploit an integer overflow vulnerability in the readcreatorblock function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory...

CVE-2026-25794

A flaw was found in ImageMagick. When processing images with large dimensions, the WriteUHDRImage function in coders/uhdr.c uses integer arithmetic that can overflow. This overflow leads to an undersized memory allocation, followed by an out-of-bounds write. A remote attacker could exploit this...

OPENSUSE-SU-2026:20130-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Security fixes: - CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 - CVE-2025-12818...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989817)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989817 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmpdma: In struct zynqmpdmachan fix descsize data type In...

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

...

Linux Distros Unpatched Vulnerability : CVE-2023-47995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImageAllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of...

CVE-2025-54472

Unlimited memory allocation in redis protocol parser in Apache bRPC all versions 1.14.1 on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers re...

Linux Distros Unpatched Vulnerability : CVE-2024-57258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdifft ...

OESA-2025-1210 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: An integer overflow in sqfsinodesize in Das U-Boot before 2025.01-rc1 occurs in the symlink siz...

SUSE CVE-2024-47606

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

Important: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...

SUSE CVE-2020-11904

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write...

OESA-2021-1271 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results i...

CVE-2020-13603

Integer Overflow in memory allocating functions. Zephyr versions = 1.14.2, = 2.4.0 contain Integer Overflow or Wraparound CWE-190. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45...

UBUNTU-CVE-2021-3420

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nanomemalign, nanovalloc, nanopvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow...

CVE-2020-14382

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2jsonmetadata.c' in function...