GNU

A heap-based buffer overflow vulnerability (CVE-2026-9605) exists in GNU libredwg up to version 0.13.4.8160 within the bit_read_RC function of the Dwgbmp Utility, potentially allowing a remote attacker to execute arbitrary code.

A remote attacker can trigger a heap overread in libgnutls by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, potentially leading to information disclosure.

A remote, anonymous attacker can exploit multiple vulnerabilities in GNU libc to manipulate DNS responses, potentially leading to redirection to malicious sites.

Multiple vulnerabilities in GNU InetUtils allow a remote attacker to execute arbitrary code and disclose sensitive information.

GNU released a security advisory addressing critical vulnerabilities in GNU InetUtils versions prior to 2.8, prompting users to apply necessary updates.

A remote, anonymous attacker can exploit multiple vulnerabilities in GNU libc to execute arbitrary program code, cause a denial-of-service condition, or disclose sensitive information.

A vulnerability in GNUTLS (CVE-2026-42010) allows a remote attacker to bypass authentication on servers configured with RSA-PSK by sending a specially crafted username containing a NUL character, leading to unauthorized access.