11 matches found
RLSA-2026:25051 Important: libyang security update
Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 For more details about the security issues, including the impact, a CVSS...
libyang security update
An update is available for libyang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libyang is YANG data modeling language parser and toolkit written and providi...
RLSA-2026:24758 Important: libyang security update
Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 For more details about the security issues, including the impact, a CVSS...
RLSA-2026:24545 Important: libyang security update
Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 For more details about the security issues, including the impact, a CVSS...
libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob
A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...
libyang security update
1.0.184-2 - DoS or arbitrary code execution via maliciously crafted LYB binary blob - Resolves: RHEL-177017 - CVE-2026-44673...
ALSA-2026:24545 Important: libyang security update
Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 For more details about the security issues, including the impact, a CVSS...
CVE-2026-42097
Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...
EUVD-2026-30931
Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...
PT-2026-41893
Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...
CVE-2022-49006 tracing: Free buffers when a used dynamic event is removed
In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available not currently used by other events...