EUVD-2026-33959

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

PT-2026-41791

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.7.0 through 0.8.x Description An integer overflow exists in the memcached text protocol parser of OpenTelemetry eBPF Instrumentation OBI. When parsing memcached storage commands such as set, add,...

EUVD-2026-30412

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

CVE-2026-44637

CVE-2026-44637 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in the parser’s image-buffer doubling loop (sixel_decode_raw_impl) occurs as context->pos_x is incremented by repeat_count with no upper bound check. When pos_x nears INT_MAX, pos_x + repeat_count overflows sign...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021387 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017357 advisory. lookup in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the Unity Linux...

CLSA-2026-1776438517 gstreamer1-plugins-bad-free: Fix of CVE-2026-3082

CVE-2026-3082: fix heap-based buffer overflow in JPEG parser READBYTES macro by adding sizeofbuf bounds check...

Linux Distros Unpatched Vulnerability : CVE-2026-33902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow...

OESA-2026-1900 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CLSA-2026-1775725743 ImageMagick: Fix of 3 CVEs

CVE-2025-66628: fix integer overflow in TIM parser - CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28693: fix integer overflow in DIB coder...

RLSA-2026:6259 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

RHEL 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RHSA-2026:6259)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6259 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

[SECURITY] [DLA 4514-1] gst-plugins-base1.0 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4514-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 29, 2026 https://wiki.debian.org/LTS -...

CVE-2026-2271

A flaw was found in GIMP's PSP Paint Shop Pro file parser. A remote attacker could exploit an integer overflow vulnerability in the readcreatorblock function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory...

Mozilla Thunderbird < 149.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 149.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-23 advisory. - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects...

EUVD-2026-13519

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVE-2026-32945 PJSIP is vulnerable to Heap-based Buffer Overflow through DNS parser

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...