CVE-2026-29518

Rsync

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

CVE-2026-42959

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CLSA-2026-1779271865 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...

CLSA-2026-1779271299 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...

EUVD-2026-31084

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

MAL-2026-4601 Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ubifs: A fix was made to increment the reference count of a page once it is set as private. The MM structure defines a rule 1 very clearly: once a page is marked with the PGprivate flag, the reference count of that page should be...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fixed a crash in smtcfbwrite When the sm712fb driver writes three bytes to the framebuffer, the driver crashes. The issue is due to an inability to handle a page fault for the address: ffffc90001ffffff. RIP...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on ‘actiondata.varrefidx’ When generating a synthetic event with many parameters and then creating a trace action for it 1, a kernel panic occurred 2. This occurs because in traceactioncreate,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: safesetid: The size of policy writes is checked. syzbot attempts to write a buffer of a large size to a sysfs entry. The writing operation is handled by handlepolicyupdate, which triggers a warning in kmalloc. Check the size...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: udf: Fixed a slab-out-of-bounds write bug in udffindentry Syzbot reported a slab-out-of-bounds Write bug: loop0: A capacity change from 0 to 2048 was detected. ==================================================================...