20111 matches found
[SECURITY] [DSA 6271-1] gsasl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6271-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq -...
Absinthe: Unbounded atom creation from parsed directive name
Summary When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...
CLSA-2026-1778750122 Fix CVE(s): CVE-2026-27857
SECURITY UPDATE: imap-login excessive memory usage DoS ELSCVE-123445 - debian/patches/CVE-2026-27857.patch: limit IMAP parser open list count via new imapparserparams struct; cap pre-auth IMAPLOGINLISTCOUNTLIMIT to 1. Squashes upstream commits 825bc297, d0f67b52, af1fb4da, 3435e0d44. -...
PT-2026-41033
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel decode raw impl. context-pos x grows by repeat count on every sixel characte...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021387 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
Ruby CSS Parser 信任管理问题漏洞
Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...
libsixel 输入验证错误漏洞
Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7-r1 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from ...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-good (UTSA-2026-021392)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021392 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...
Linux Distros Unpatched Vulnerability : CVE-2026-44312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to...
CVE-2026-42355
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...
CVE-2026-42442
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...
CVE-2026-44215
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...
RLSA-2026:15969 Moderate: glib2 security update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...
glib2 security update
An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and...
RLSA-2026:15971 Moderate: glib2 security update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...
glib2 security update
An update is available for glib2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and applicatio...
dovecot: Fix of CVE-2026-27857
CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...
CLSA-2026-1778250399 dovecot: Fix of CVE-2026-27857
CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...
CLSA-2026-1778661102 ruby: Fix of CVE-2023-28756
CVE-2023-28756: fix ReDoS in Time.rfc2822 by linearizing the RFC2822 parser regex in lib/time.rb to prevent quadratic backtracking on crafted invalid input...
RLSA-2026:15953 Moderate: glib2 security update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...