PT-2026-48304
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...
ROS-20260609-73-0012
The vulnerability of the ngx_http_scgi_module and ngx_http_uwsgi_module modules in NGINX Plus and NGINX Open Source web servers is related to uncontrolled memory consumption. Exploiting this vulnerability can allow a malicious actor to perform a “man-in-the-middle” attack remotely...
ROS-20260609-73-0018
The vulnerability of the WebRender component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2026-48217
Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.53.2. Description: Memory corruption issues exist in the FTS5 full-text search extension. An attacker can cause process crashes, memory exhaustion, or arbitrary code execution by providing a crafted database containing...
RHEL 9 : thunderbird (RHSA-2026:24721)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24721 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...
EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...
EulerOS 2.0 SP11 : python-pyasn1 (EulerOS-SA-2026-2225)
According to the versions of the python-pyasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from...
PT-2026-48143
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a...
PT-2026-48241
This update for xen fixes the following issues: - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. - CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse bsc1266953...
FreeBSD-SA-26:35.openssl
FreeBSD-SA-26:35.openssl Security Advisory, The FreeBSD Project. Topic: Multiple vulnerabilities in OpenSSL. Category: contrib. Module: openssl. Announced: 2026-06-09. Credits:...
ROS-20260609-73-0011
The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of the protected...
ROS-20260609-73-0006
The vulnerability of the jpegimageload function in the image loading library GdkPixbuf is related to the situation where the operation exits the buffer boundaries in memory when processing a specially created JPEG image. Exploiting this vulnerability could allow a malicious actor to cause service...
PT-2026-48127
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor, affected versions not specified. Description: Improper access control for the register interface in the input-output memory management unit (IOMMU) allows a privileged attacker, such as a malicious hypervisor, to cause...
PT-2026-47715
Name of the Vulnerable Software and Affected Versions: Apache Answer versions prior to 2.0.1. Description: An unrestricted upload of files with dangerous types allows an authenticated user to cause a server process crash. This occurs when a crafted TIFF image triggers excessive memory allocation...
PT-2026-47691
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...
OpenSSL Security Advisory 20260609
OpenSSL is susceptible to multiple security vulnerabilities. A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. The Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag...
RHEL 8 : thunderbird (RHSA-2026:24717)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24717 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...
Linux Distros Unpatched Vulnerability : CVE-2026-46321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: free page on short-frame rejection in tun_xdp_one. tun_xdp_one returns -EINVAL on a frame shorter than ETH_HLEN without freeing the page that vhost_net_build_xdp...
Linux Distros Unpatched Vulnerability : CVE-2026-11788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an...
EulerOS 2.0 SP11 : polkit (EulerOS-SA-2026-2222)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1...