97 matches found
OPENSUSE-SU-2026:20812-1 Security update for cups
This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...
SUSE-SU-2026:21871-1 Security update for cups
This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...
CVE-2026-42446 NanaZip: Stack out-of-bounds read in NanaZip ZealFS bitmap parser
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...
PT-2026-40360
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...
CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453
CVE-2026-43453 is a Linux kernel issue in the netfilter nft_set_pipapo path. The bug is a stack out-of-bounds read in pipapo_drop(), where rulemap[i+1].n is passed to pipapo_unmap() on every iteration, including the last when i == m->field_count-1. This reads past the end of the stack-allocate...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmetctrlstateshow The cstsstatenames array only has six sparse entries, but the iteration code in nvmetctrlstateshow iterates seven, resulting in a potential out-of-bounds stack...
Astra Linux - уязвимость в firefox
An attacker could read 32 bits of values that were spilled onto the stack in a JIT-compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...
MiracleLinux 9 : glibc-2.34-60.el9.7 (AXSA:2023-6486:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6486:05 advisory. glibc: buffer overflow in ld.so leading to privilege escalation CVE-2023-4911 glibc: Stack read overflow in getaddrinfo in no-aaaa mode CVE-2023-452...
MiracleLinux 8 : kernel-4.18.0-477.27.1.el8_8 (AXSA:2023-6444:26)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6444:26 advisory. kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: UAF in nftables when nftsetlookupglobal triggered after handling...
MiracleLinux 8 : glibc-2.28-225.el8.6 (AXSA:2023-6476:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6476:04 advisory. glibc: buffer overflow in ld.so leading to privilege escalation CVE-2023-4911 glibc: Stack read overflow in getaddrinfo in no-aaaa mode CVE-2023-452...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002792)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002792 advisory. The checkstackboundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or...
CVE-2025-12829
An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...
CVE-2025-12829
An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...
CVE-2025-12829
An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...
EUVD-2025-38328
An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...
CVE-2025-12829
An uninitialized stack read issue exists in Amazon Ion-C versions v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version...
PT-2025-45475
Name of the Vulnerable Software and Affected Versions Amazon Ion-C versions prior to 1.1.4 Description An uninitialized stack read issue exists that may allow an attacker to craft data and serialize it to Ion text. This could expose sensitive data in memory through UTF-8 escape sequences...
EUVD-2015-8776
Malware in sbrugna...
EUVD-2017-9004
Malware in sbrugna...