Apple Security Advisory 03-24-2026-6

Apple Security Advisory 03-24-2026-6 - tvOS 26.4 addresses information leakage, null pointer, out of bounds access, and use-after-free vulnerabilities...

Apple Security Advisory 03-24-2026-5

Apple Security Advisory 03-24-2026-5 - macOS Sonoma 14.8.5 addresses information leakage, integer overflow, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

Apple Security Advisory 03-24-2026-4

Apple Security Advisory 03-24-2026-4 - macOS Sequoia 15.7.5 addresses information leakage, integer overflow, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

Apple Security Advisory 03-24-2026-3

Apple Security Advisory 03-24-2026-3 - macOS Tahoe 26.4 addresses buffer overflow, bypass, information leakage, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

Apple Security Advisory 03-24-2026-2

Apple Security Advisory 03-24-2026-2 - iOS 18.7.7 and iPadOS 18.7.7 addresses bypass, null pointer, out of bounds access, and use-after-free vulnerabilities...

Apple Security Advisory 03-24-2026-1

Apple Security Advisory 03-24-2026-1 - iOS 26.4 and iPadOS 26.4 addresses buffer overflow, bypass, information leakage, null pointer, out of bounds access, and use-after-free vulnerabilities...

ROS-20260330-73-0002

A vulnerability in the media/dvb-frontends/dib7000p.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

PT-2026-29123

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http auth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

ANT-2026-TZQ1KH7E · libyang · Use-After-Free

use-after-free medium GHSA-9f49-8x56-jmjc Severity Claude medium · Security research firm medium · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Trail of Bits. ANT-2026-TZQ1KH7E: Heap...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the tunnelCloseHandler process. An attacker can cause repeated handler goroutine panics and resource leaks by attempting to close a reverse tunnel when the tunnel reference is nil. Remediation A fix was...

Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted

Summary A nil pointer dereference in tunnelCloseHandler causes the handler goroutine to panic whenever a reverse tunnel rportfwd close is attempted. Both the legitimate close path AND the unauthorized close path dereference tunnel.SessionID where tunnel is guaranteed nil. This means rportfwd...

GHSA-C279-989M-238F Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted

Summary A nil pointer dereference in tunnelCloseHandler causes the handler goroutine to panic whenever a reverse tunnel rportfwd close is attempted. Both the legitimate close path AND the unauthorized close path dereference tunnel.SessionID where tunnel is guaranteed nil. This means rportfwd...

LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

...

EUVD-2018-21702

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute...

EUVD-2018-21698

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwri...

EUVD-2016-10847

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpych...

EUVD-2016-10839

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the...

CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVE-2016-20044

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

UBUNTU-CVE-2018-25222

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute...