OESA-2026-1917 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1916 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

USN-8177-1 linux, linux-realtime vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

SUSE-SU-2026:21231-1 Security update for freeipmi

This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...

SUSE-SU-2026:21212-1 Security update for freeipmi

This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...

AlmaLinux 9 : .NET 8.0 (ALSA-2026:8469)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8469 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotnet:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007533)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007533 advisory. In the Linux kernel, the following vulnerability has been resolved: gadgetfs: epio - wait until IRQ finishes after usbepqueue if waitforcompletioninterruptible is...

Linux Distros Unpatched Vulnerability : CVE-2026-6069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NASM's disasm function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when slen...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007341)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007341 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2stackglueinit ocfs2tableheader should be free in ocfs2stackglueini...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007587 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libproxy (UTSA-2026-007216)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007216 advisory. url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007305 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynqclksetup...

SUSE SLES12 Security Update : tiff (SUSE-SU-2026:1407-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1407-1 advisory. - CVE-2025-61143: Fixed NULL pointer dereference bsc1258798. - CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer bsc1258801...

SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2026:1408-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1408-1 advisory. - CVE-2025-61143: Fixed NULL pointer dereference bsc1258798. - CVE-2025-61144: Fixed stack overflow in...

SUSE CVE-2026-40918

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service DoS. This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted P...

K000160853: Multiple Vim vulnerabilities

Security Advisory Description CVE-2026-28417 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an...

DEBIAN-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVE-2026-40170

ngtcp2 (QUIC) vulnerability: in versions before 1.22.1, ngtcp2_qlog_parameters_set_transport_params() writes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking, enabling a stack buffer overflow when qlog is enabled and large untrusted parameters are received dur...

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...