12 matches found
EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-2046)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...
EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2026-2039)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag...
Silicon Labs Gecko SDK and Silicon Labs Simplicity SDK Security Vulnerability
The Silicon Labs Gecko SDK (GSDK) and Silicon Labs Simplicity SDK are both open-source products from Silicon Labs. The Silicon Labs Gecko SDK is a library that combines the Silicon Labs wireless software development kit (SDK) with the Gecko platform into an integrated software package. The Silicon La...
Updated gpsd packages fix security vulnerabilities
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...
CVE-2026-1485
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access...
CLSA-2026-1769424492 gpsd-minimal: Fix of 2 CVEs
CVE-2025-67268: fix heap-based buffer overrun in NMEA2000 GNSS satellite handling - CVE-2025-67269: fix integer underflow in NAVCOM packet parsing to prevent excessive payload length and CPU-exhaustion...
CVE-2025-66217
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Leng...
PT-2025-48360
Name of the Vulnerable Software and Affected Versions: AIS-catcher versions prior to 0.64. Description: AIS-catcher, a multi-platform AIS receiver, contains a flaw in its MQTT parsing logic. An integer underflow can be triggered by sending a crafted MQTT packet with a modified Topic Length field. Th...
CVE-2025-59729
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000), for example 0x101000 bytes, then at 0 we ha...
CLSA-2025-1744721593 c-ares: Fix of 4 CVEs
CVE-2024-25629: fix invalid memory read issue in ares__read_line - CVE-2023-31130: fix buffer underflow in ares_inet_net_pton for certain ipv6 addresses - CVE-2023-31147: fix issue of using weak random numbers in DNS query ids by replacing rand with a modern OS-provided CSPRNG like arc4random -...
Mozilla: Underflow through code inspection (MFSA 2015-145)
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP...
Mozilla: Underflow through code inspection (MFSA 2015-145)
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP...