SUSE-SU-2026:2204-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989...

Linux Distros Unpatched Vulnerability : CVE-2026-48686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function...

Astra Linux - уязвимость в qtbase-opensource-src

A issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. There is an incorrect HPack integer overflow check in network/access/http2/hpacktable.cpp...

CVE-2026-37530

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...

Wireshark 2.4.x < 2.4.10 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.10 advisory. - In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was...

Wireshark 1.8.x < 1.8.10 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.8.10. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.8.10 advisory. - Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before...

BIT-ACTIVEMQ-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

CVE-2026-23833

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

CVE-2023-54329 Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE)

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload t...

PT-2026-2419

Name of the Vulnerable Software and Affected Versions Inbit Messenger versions 4.6.0 through 4.9.0 Description Inbit Messenger versions 4.6.0 through 4.9.0 have a remote command execution issue. Unauthenticated attackers can execute arbitrary commands by exploiting a stack overflow in the...

CVE-2026-21634

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application Version 6.1.79 and earlier discovery protocol causing it to restart. Affected Products: UniFi Protect Application Version 6.1.79 and earlier. Mitigation: Update your UniFi Protect Application to...

PT-2026-1309

Name of the Vulnerable Software and Affected Versions UniFi Protect Application versions 6.1.79 and earlier Description A malicious actor with access to the adjacent network could cause the UniFi Protect Application discovery protocol to overflow, leading to a restart of the application...

CVE-2025-27918

CVE-2025-27918 affects AnyDesk clients prior to the following platform versions: Windows &lt; 9.0.5, macOS &lt; 9.0.1, Linux &lt; 7.0.0, iOS &lt; 7.1.2, and Android

Linux Distros Unpatched Vulnerability : CVE-2020-8597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597 Note that Nessus relies on...

SUSE-SU-2025:20284-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2024-56600: net: inet6: Fixed dangling sk pointer in inet6create bsc1235218. - CVE-2024-57882: mptcp: Fixed TCP options overflow bsc1235916...

Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow

Summary The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is...

UBUNTU-CVE-2023-0666

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark...

PT-2019-4726 · Wind River · Vxworks

Name of the Vulnerable Software and Affected Versions: Wind River VxWorks versions 6.9 through vx7 Description: The issue is related to a buffer overflow in the IPv4 component, specifically a stack overflow when parsing IPv4 packets' IP options. This can be exploited by a remote attacker to execu...

Fuji Electric V-Server Input Validation Error Vulnerability

Fuji Electric V-Server is a suite of software for collecting and managing real-time field data from Fuji Electric Japan. An input validation error vulnerability exists in Fuji Electric V-Server versions prior to 6.0.33.0. The vulnerability originates from a network system or product that does not...

tcpdump: multiple overflow issues in protocol decoding

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...