18 matches found
UBUNTU-CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
CVE-2026-33069
PJSIP (C library for SIP media) versions 2.16 and earlier are affected by a cascading out-of-bounds heap read in pjsip_multipart_parse. After matching a boundary, curptr is advanced past the delimiter without checking for buffer end, allowing reading 1–2 bytes of adjacent heap memory. This impact...
CVE-2026-32942
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...
CVE-2026-32947 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...
CVE-2026-32945
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a heap-based buffer overflow vulnerability in the DNS parser's name length handler. This impacts applications using PJSIP's built-in DNS resolver, such as those configured with...
CVE-2025-65102
CVE-2025-65102 affects PJSIP with Opus in the receiving direction. Prior to version 2.16, Opus PLC may zero-fill the input frame if the decoder ptime differs from the input frame length (based on stream ptime), causing a memory overwrite and potential unexpected process termination. The issue is ...
EUVD-2002-0801
Malware in sbrugna...
EUVD-2022-49261
Malicious code in bioql PyPI...
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
...
PT-2023-26540 · Nasm +1 · Nasm +1
Name of the Vulnerable Software and Affected Versions: nasm version 2.16 Description: A stack-based buffer over-read issue in the disasm function allows attackers to cause a denial of service. Recommendations: For nasm version 2.16, at the moment, there is no information about a newer version tha...
PT-2023-26541 · Nasm +1 · Nasm +1
Name of the Vulnerable Software and Affected Versions: nasm version 2.16 Description: The issue is a stack-based buffer over-read in the disasm component, which allows attackers to cause a denial of service, resulting in a crash. Recommendations: For nasm version 2.16, at the moment, there is no...
PT-2023-2366 · Unknown +2 · Netwide Assembler +2
Name of the Vulnerable Software and Affected Versions: Netwide Assembler (NASM) version 2.16 Description: The issue is related to a heap buffer overflow in the quote_for_pmake function of the Netwide Assembler (NASM). This overflow can occur due to the operation exceeding the memory buffer boundaries...
CVE-2023-0882
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...
Kron Single Connect Security Vulnerability
Kron Single Connect is a comprehensive Privileged Access Management (PAM) software suite from Kron (Turkey). It is designed to create a flexible, centrally managed and layered defense security architecture against insider threats. A security vulnerability exists in Kron Single Connect version 2.16 th...
PT-2023-9325 · Unknown +2 · Netwide Assembler +2
Name of the Vulnerable Software and Affected Versions: Netwide Assembler (NASM) version 2.16 Description: The issue is related to a global buffer overflow in the dbgdbg_typevalue component at /output/outdbg.c. This can potentially allow an attacker to disclose protected information or cause a denia...
PT-2022-20402 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.16 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enabl...
Information disclosure
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information...
Vulnerability in Crypt::CBC Perl module, versions <= 2.16
Perl Module Security Advisory. Title: Crypt::CBC ciphertext weakness when using certain block algorithms. Severity: High. Versions: All versions <= 2.16. Date: 23 February 2006...