10 matches found
CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
EUVD-2026-30978
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...
ALPINE-CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
PT-2026-41995
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...
ALPINE-CVE-2026-40170
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...
PT-2026-33102
Name of the Vulnerable Software and Affected Versions xwayland versions prior to 24.1.9-2.1 xorg-x11-server versions prior to 21.1.21-5.1 Description Security issues were identified in xwayland and xorg-x11-server. Recommendations Update xwayland to version 24.1.9-2.1. Update xorg-x11-server to...
CVE-2025-45242
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php...
OESA-2024-2096 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: The WebAudio OscillatorNode object was susceptible to a stack buffer overflow. This could have led to a potentially...
Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
PT-2022-13632 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server version V1.22 Description: A denial-of-service condition can be created in the software by sending a crafted HTTP packet with a large content-length header. This issue affects the Softing Secure Integration...