CVE-2026-27144

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...

CVE-2026-27144

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006575 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page...

PT-2026-31060

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The compiler failed to correctly determine non-overlapping memory moves due to a no-op interface conversion, potentially leading to memory corruption during runtime. This issue involves unwrapping...

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unvalidated extension header type index. This vulnerability may lead to out-of-bound reads and...

PT-2026-30374

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...

OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

Summary The B44/B44A decoder in OpenEXR reconstructs row pointers into a scratch buffer using int. When the channel width nx is large enough, the product y nx overflows int, causing the row pointer to wrap before the start of the scratch buffer. Subsequent memcpy calls then write decoded pixel...

CVE-2026-23443

A flaw was found in the Linux kernel's ACPI Advanced Configuration and Power Interface processor errata handling. This vulnerability occurs when device pointers are dereferenced after their corresponding device objects have been freed. This can lead to a use-after-free condition, potentially...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking for empty pointers, potentially leading to dereferencing of empty pointers...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper setting of event pointers, potentially leading to null pointer dereferencing...

CVE-2026-23416

A flaw was found in the Linux kernel. An issue in the memory management mm/mseal component, specifically during the merging of Virtual Memory Areas VMAs, could lead to incorrect updates of VMA end pointers. This could result in stale memory pointers and incorrect starting points for subsequent...

EUVD-2026-17755

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

PT-2026-29437

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

PT-2026-36447

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Google Chrome affected versions not specified Description A bug in the Linux kernel's regsafe function occurs when rold-reg-range is BEYOND PKT END and rcur-reg-range is N, potentially causing the...

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...

libarchive 安全漏洞

Libarchive is an open-source multi-format archiving and compression library developed by Libarchive. There is a security vulnerability in Libarchive, which stems from the integer overflow in the zisofs block pointer allocation logic on 32-bit systems. This vulnerability may lead to heap buffer...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the pngsettRNS and pngsetPLTE functions, where a heap-allocated buffer is aliased between two structures with independent lifetimes. An attacker can cause memory corruption or potentially execute arbitrary code by...