524 matches found
CVE-2026-28532
FRRouting before 10.5.3 is affected by an integer overflow in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16_t accumulator truncates uint32_t values returned by TLV_SIZE(), causing the loop termination condition to fail while pointer advancement continues. An at...
PT-2026-36172
Name of the Vulnerable Software and Affected Versions FRRouting versions prior to 10.5.3 Description An integer overflow exists in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16 t accumulator variable truncates uint32 t values returned by the TLV SIZE macro, whi...
CVE-2026-31683
A flaw was found in the batman-adv module of the Linux kernel. This vulnerability arises when the Optimized Global Messaging OGM aggregation state is dynamically altered, leading to insufficient buffer space skb tailroom for network packets. A remote attacker could exploit this condition by sendi...
PT-2026-38560
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description When using the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory, leading to a crash. This occurs specifically when utilizing th...
CVE-2026-33780
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the internalexrundopiz process. An attacker can cause out-of-bounds memory access, leading to potential memory corruption or process crash, by supplying a specially crafted EXR file that triggers signed integ...
DEBIAN-CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...
CVE-2026-34764
The CVE-2026-34764 issue affects Electron apps that use offscreen rendering with GPU shared textures (webPreferences.offscreen: { useSharedTexture: true }). The root cause is a use-after-free where the release() callback for a paint-event texture can outlive its backing native state, causing a de...
CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
Electron 资源管理错误漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.0,...
SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2026:1169-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1169-1 advisory. Update Wireshark to version 4.6.4 jscPED-15400. - CVE-2024-9780: ITS dissector crash bsc1231475. -...
GHSA-8X5Q-PVF5-64MP Electron: Use-after-free in offscreen shared texture release() callback
Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...
Allocation of Resources Without Limits or Throttling
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of a frame count limit in the loadbase64 function when processing video/jpeg...
CVE-2026-34535
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...
CVE-2026-27879
A flaw was found in Grafana. A remote attacker with low privileges can exploit this vulnerability by sending a specially crafted resample query. This can trigger out-of-memory crashes, leading to a Denial of Service DoS for the affected system. Mitigation Mitigation for this issue is either not...
CVE-2026-27880
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
OESA-2026-1725 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...
OESA-2026-1724 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...
PT-2026-28371
Name of the Vulnerable Software and Affected Versions Grafana versions prior to 11.6.14+security01-1 Description A resample query can be used to trigger out-of-memory crashes. Recommendations Update to version 11.6.14+security01-1...
Grafana 安全漏洞
Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that can lead to a memory insufficiency...