DEBIAN-CVE-2026-10528

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

CVE-2026-0044

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

PT-2026-45510

FlexRIC v2.0.0 uses a uint16 t counter for xapp id assignment but stores the value in uint32 t message fields. After 65,530+ E42 SETUP REQUESTs, the 16-bit counter wraps around and produces duplicate xapp ids. The iApp port 36422 crashes when attempting to register a duplicate ID in its internal...

CVE-2026-10120

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewallname results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...

CVE-2018-25426 WinMTR 0.91 Denial of Service via Buffer Overflow

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow...

PT-2026-45100

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The explo...

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

PT-2026-44340

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885...

EUVD-2026-32581

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds read operations within the ANGLE library, which could allow remote attackers to extract sensitive...

CVE-2026-9382

A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation of the argument pptpUserName can lead to buffer overflow. The attack may be launched remotely. The...

corosync: Corosync: Denial of Service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol UDP packets. This can cause the service to crash, leading to a denial of service. This vulnerability...

dnsmasq security update

2.79-36 - Prevent overflow in extractname function CVE-2026-2291 - Prevent DoS in DNSSEC validation CVE-2026-4890 - Prevent out-of-bounds read in DNSSEC validation CVE-2026-4891 - Prevent out-of-bounds write in DHCPv6 server CVE-2026-4892 - Prevent source check avoidance by RFC 7871 client-subnet...

SUSE-SU-2026:2053-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989...

PT-2026-43220

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom...

PT-2026-43130

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress R2004 section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available...

EUVD-2018-21868

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Rejected malicious packets in ipv6gsoSegment. syzbot was able to create a packet with very long IPv6 extension headers, leading to an overflow of the skb-transportheader field. This 16-bit field has a limited range. Add...

Astra Linux - уязвимость в libfcgi

FastCGI’s fgi2 also known as fgi versions from 2.2 through 2.4.4 have a integer overflow vulnerability, which can lead to a heap-based buffer overflow when crafted nameLen or valueLen values are passed to the IPC socket. This issue occurs in the ReadParams function in the fcgiapp.c file...