60275 matches found
RHEL 9 : golang (RHSA-2026:7883)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7883 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...
PT-2026-32278
Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
PT-2026-32244
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
RHEL 8 : go-toolset:rhel8 (RHSA-2026:7878)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7878 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...
PT-2026-32524
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-44 ImageMagick versions prior to 7.1.2-19 Description The viff encoder contains an integer truncation or wraparound issue on 32-bit builds. This can trigger an out of bounds heap write, potentially causing ...
PT-2026-32529
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-44 ImageMagick versions prior to 7.1.2-19 Description An integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds, resulting in an out-of-bounds write. Recommendations Upda...
PT-2026-32538
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 Description A crafted image could result in an out of bounds heap write (a memory corruption error where data is written outside the boundaries of an allocated heap memory block) when writing a yaml or json...
Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1561)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1561 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B4...
RHEL 8 : go-toolset:rhel8 (RHSA-2026:7879)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7879 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...
Medium: ImageMagick
Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the...
Linux Distros Unpatched Vulnerability : CVE-2026-40395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Enterprise before 6.0.16r12 allows a workspace overflow denial of service daemon panic for shared VCL. The headerplus.writereq0 function from...
SUSE CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.writereq0 function from vmodheaderplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
Exploit for CVE-2026-31413
CVE-2026-31413: One Byte in the BPF Verifier to Container Esca...
Varnish Enterprise Security Vulnerability
Varnish Enterprise is a high-performance caching software developed by the Varnish company. It is designed for handling high-traffic scenarios and optimizing business operations. Versions of Varnish Enterprise prior to 6.0.16r12 contained security vulnerabilities. These vulnerabilities stemmed fr...
PT-2026-32184
Name of the Vulnerable Software and Affected Versions Varnish Enterprise versions prior to 6.0.16r12 Description Varnish Enterprise versions before 6.0.16r12 are susceptible to a denial of service daemon panic due to a workspace overflow when handling shared VCL. The headerplus.write req0 functio...
FreeBSD : (lib)tiff -- Integer Overflow or Wraparound (766bb9b5-357f-11f1-98f0-00a098b42aeb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 766bb9b5-357f-11f1-98f0-00a098b42aeb advisory. PrymEvol and Quang Luong reports: A flaw was found in the libtiff library. A remote attacker could...
OESA-2026-1843 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
OESA-2026-1840 OpenEXR security update
OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...