dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

CLSA-2026-1778250399 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

CLSA-2026-1778661102 ruby: Fix of CVE-2023-28756

CVE-2023-28756: fix ReDoS in Time.rfc2822 by linearizing the RFC2822 parser regex in lib/time.rb to prevent quadratic backtracking on crafted invalid input...

RLSA-2026:15953 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

glib2 security update

An update is available for glib2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and applicatio...

fast-xml-parser 安全漏洞

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML documents without relying on C/C++-based libraries or callbacks. A security vulnerability exists in the version 1.1.5 of fast-xml-parser. This vulnerabilit...

CentOS 9 : glib2-2.68.4-20.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glib2-2.68.4-20.el9 build changelog. - A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service ...

RockyLinux 8 : glib2 (RLSA-2026:15953)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:15953 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Hea...

AlmaLinux 10 : glib2 (ALSA-2026:15969)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:15969 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Hea...

Linux Distros Unpatched Vulnerability : CVE-2026-8159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser...

Netty 输入验证错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contain a vulnerability related to input validation errors...

CVE-2026-42854

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

CVE-2026-42854

Summary: The Arduino-ESP32 core is affected by a stack overflow in the WebServer multipart boundary parser. A boundary derived from the HTTP header (Content-Type: multipart/form-data; boundary=...) with length > ~8000 can overflow the 8192-byte loopTask stack, potentially enabling remote code ...

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-42355

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

CVE-2026-42444

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

EUVD-2026-29793

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-44215

Summary: NanaZip versions 5.0.1252.0 through before 6.0.1698.0 contain a bug in the UFS/UFS2 filesystem image parser that allows a one-byte heap out-of-bounds null write when opening a crafted UFS image. Vulnerability details: attacker-controlled byte offset within a ~254-byte window past the hea...