59920 matches found
libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...
CVE-2026-42959
A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...
libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...
CVE-2026-42959
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...
CLSA-2026-1779271865 vim: Fix of 2 CVEs
CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...
CLSA-2026-1779271299 vim: Fix of 2 CVEs
CVE-2026-35177: fix path traversal in zip.vim — block .. components via simplify in zipWrite and zipExtract upstream vim 9.2.0280 + CVE-2025-53906 prereq combined...
CVE-2026-42959 Crash during DNSSEC validation of malicious content
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...
CVE-2026-42959 Crash during DNSSEC validation of malicious content
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...
EUVD-2026-31084
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...
Malicious code in local-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...
MAL-2026-4601 Malicious code in local-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...
Astra Linux - уязвимость в djvulibre
A flaw was discovered in djvulibre-3.5.28 and earlier. An out-of-bounds write operation in the DJVU::filterbv function, through a crafted djvu file, may cause the application to crash and lead to other issues...
Astra Linux – Vulnerability in virglrenderer
A heap-based buffer overflow in the vrendrenderertransferwriteiov function in vrendrenderer.c in virglrenderer from version 0.8.0 allows guest OS users to cause a denial of service through VIRGLCCMDRESOURCEINLINEWRITE commands...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Clean up only the newly added IRQ mapping when requestirq fails. The mlx5irqalloc function may inadvertently free the entire rmap, leading to a crash when other threads attempt to access it. This issue occurs when...
Astra Linux - уязвимость в firefox, thunderbird
Methods AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding, and AppendEncodedCharacters may experience integer overflows, resulting in underallocation of an output buffer and thus causing out-of-bounds write attacks. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...
Astra Linux - уязвимость в chromium
The use of after-free in Blink in Google Chrome before version 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в vim
Out-of-bounds write in the GitHub repository for Vim/Vim before version 9.0...
Astra Linux - уязвимость в chromium
In Mojo within Google Chrome, before version 99.0.4844.51, unauthorized memory access allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: HID: mcp2221: prevented a buffer overflow in mcpsmbuswrite Match Warning: drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy ‘&mcp-txbuf5’ is too small 59 vs 255 drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy...