CLSA-2026-1777446517 squid: Fix of 3 CVEs

CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...

PT-2026-35929

Name of the Vulnerable Software and Affected Versions Text::CSV XS versions prior to 1.62 Description A use-after-free issue exists when registered callbacks extend the Perl argument stack, potentially leading to type confusion or memory corruption. The Parse, print, getline, and getline all...

PT-2026-35922

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU V3 versions prior to V3.0.0-B20220304.1804 Description A stack-based buffer overflow exists in the formMapDelDevice function. This issue occurs via the hostname parameter. A stack-based buffer overflow is a condition where a...

TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. Versions of TOTOLINK A3002RU such as V3.0.0-B20220304.1804 and earlier contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the hostname parameter within the...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

Allok Video Converter 安全漏洞

Allok Video Converter is a video encoding tool developed by Allok Corporation. Version 2.6.1217 of Allok Video Converter contains a security vulnerability. This vulnerability stems from a stack-based buffer overflow issue, which could allow local attackers to overwrite execution code by triggerin...

PT-2026-36007

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description When processing the header of an incoming message, libnv fails to properly validate the message size. This lack of validation allows a malicious program to write outside the bounds of a heap...

FreeBSD-SA-26:16.libnv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:16.libnv Security Advisory The FreeBSD Project Topic: Stack overflow via select file descriptor set overflow Category: core Module: libnv Announced:...

FreeBSD -- Stack overflow via select() file descriptor set overflow

Problem Description: When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. Impact: An attacker who is able to force a libnv applicati...

Wazuh 安全漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.8.0 to 4.14.4 contained security vulnerabilities. These...

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a stack buffer overflow issue after authentication. This vulnerability may allow...

Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015467 advisory. A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c...

PT-2026-36010

Name of the Vulnerable Software and Affected Versions dhclient affected versions not specified Description When building an environment to pass to dhclient-script, the software may resize the array of string pointers. The code responsible for expanding this array incorrectly calculates the new...

CVE-2026-36837

CVE-2026-36837 affects TOTOLINK A3002RU V3

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015461 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick...

FreeBSD Security Advisory - FreeBSD-SA-26:14.pf

FreeBSD Security Advisory - Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic...

PT-2026-36009

Name of the Vulnerable Software and Affected Versions FreeBSD dhclient affected versions not specified Description The FreeBSD DHCP client fails to escape embedded double-quotes when writing the BOOTP file field to the lease file. This allows a rogue DHCP server on the same network to inject...

PT-2026-36008

Name of the Vulnerable Software and Affected Versions libnv affected versions not specified Description When exchanging data over a socket, the software uses the select function to wait for data. It fails to verify if the provided socket descriptor exceeds the file descriptor set size limit of FD...

PT-2026-36011

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...