2513 matches found
Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597.
Summary IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementatio...
Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063.
Summary IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versio...
Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800.
Summary IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800. This bulletin contains information addressing the vulnerabilities. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier...
Security Bulletin: IBM Edge Data Collector uses lodash-4.17.23.tgz, lodash-es-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800.
Summary IBM Edge Data Collector uses lodash-4.17.23.tgz, lodash-es-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800. This bulletin contains information addressing the vulnerabilities. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier...
The vulnerability of the GC component in the Firefox browser and the Thunderbird email client allows a hacker to trigger a service failure.
The vulnerability of the GC component in the Firefox browser and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the GC component in the Firefox web browser and the Thunderbird email client, which allows a hacker to trigger a service failure
The vulnerability of the GC component in the Firefox web browser and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to cause a service failure...
Security Bulletin: IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274.
Summary IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-31900 DESCRIPTION: Black is the uncompromising Python code formatter...
Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904
Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...
Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465.
Summary IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to...
Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.
Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...
OneCollector exporter reads unbounded HTTP response bodies
Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause...
CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...
CVE-2026-26204
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...
CVE-2026-26204
Wazuh versions 1.0.0–4.14.3 are affected by a heap-based out-of-bounds write in GetAlertData that writes a NULL byte 1 byte before the start of the buffer allocated by strdup, due to an unsigned underflow. This corrupts heap metadata and can allow a compromised agent to cause denial of service or...
EUVD-2026-26259
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...
CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...
PT-2026-35961
Name of the Vulnerable Software and Affected Versions Wazuh versions 1.0.0 through 4.14.3 Description A heap-based out-of-bounds WRITE occurs in the GetAlertData function. This is caused by an unsigned integer underflow and pointer arithmetic wrapping, which results in a NULL byte being written...
SUSE CVE-2026-31455
In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...
CVE-2026-31455
In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...
CVE-2026-31455
CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...