184 matches found
CVE-2026-58379
The CVE-2026-58379 vulnerability affects GIMP 's Paint Shop Pro (PSP) file format parser. It is a heap buffer overflow caused by incorrect buffer size calculations when processing low bit-depth PSP images , which can lead to arbitrary code execution or DoS when a user opens a crafted image. The p...
PYSEC-2026-361 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...
EulerOS 2.0 SP15 : nghttp2 (EulerOS-SA-2026-2494)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
CVE-2026-53044
In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix incorrect ARRAYSIZE in fabric lookup tables Fix incorrect ARRAYSIZE usage in fabric lookup tables which could cause out-of-bounds access during target timeout lookup...
CVE-2026-53044
In the Linux kernel, the issue affects the soc/tegra: cbb fabric lookup tables due to incorrect ARRAY_SIZE usage. The root cause is an ARRAY_SIZE miscalculation that could lead to out-of-bounds access during target timeout lookup. This has been fixed in the referenced commits; the vulnerability i...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: 1. Deleting the last element does not require moving elements. In fact, the element at position i+1 is out of bounds. 2...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
EulerOS 2.0 SP13 : nghttp2 (EulerOS-SA-2026-2303)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
EulerOS 2.0 SP13 : nghttp2 (EulerOS-SA-2026-2346)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
CVE-2026-11792
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2026-2219)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2026-2256)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
EulerOS Virtualization 2.12.0 : nghttp2 (EulerOS-SA-2026-2107)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...
EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2026-2057)
According to the versions of the nghttp2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...
CVE-2026-47333
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data...
Canonical Ubuntu Linux 安全漏洞
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from an incorrect calculation of the internal buffer size, which may lead to out-of-bound...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Use the correct buffer size when parsing configfs lists This commit fixes the support for the uvc gadget on 32-bit platforms. The commit 0df28607c5cb “usb: gadget: uvc: Generalize helper functions for reuse”...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: A retry logic was added in net6rtnotify. inet6rtnotify can only be called under RCU protection. This means that the route may be changed concurrently, and rt6fillnode might return -EMSGSIZE. The skb should be resized whe...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1647)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1647 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API...
CVE-2026-43476
A flaw was found in the Linux kernel, specifically within a module responsible for handling sensor data. This vulnerability is caused by an error in calculating the correct size for a data buffer. An attacker could potentially exploit this issue to corrupt memory, which might lead to the system...