219826 matches found
EUVD-2025-209631
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size...
CVE-2025-47406
CVE-2025-47406 is a DSP Service buffer over-read vulnerability where information disclosure can occur during processing of IOCTL handler callbacks without verifying the input buffer size. The NVD entries describe the issue as Information Disclosure with a CVSSv3.1 base score of 6.1 (Medium), with...
CVE-2025-47406 Buffer Over-read in DSP Service
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size...
CVE-2025-47406
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size...
CVE-2025-47405
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
EUVD-2025-209630
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
CVE-2025-47405
CVE-2025-47405 describes memory corruption that occurs when processing camera sensor IO controls with invalid output buffers. The connected CVE records call it an untrusted pointer dereference in the camera path, linking root cause to dereferencing pointers derived from untrusted inputs during IO...
CVE-2025-47405 Untrusted Pointer Dereference in Camera
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
CVE-2025-47405 Untrusted Pointer Dereference in Camera
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-web (CVE-2026-22732)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-22732 reported for spring-security-web-6.4.12.jar. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jasperreports (CVE-2025-10492)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-10492 reported for jasperreports-7.0.2.jar. Vulnerability Details CVEID:CVE-2025-10492 DESCRIPTION: A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2025-66168)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-66168 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2025-66168 DESCRIPTION: WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-server (CVE-2026-1605)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-1605 reported for jetty-server-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-34197)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-34197 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-34197 DESCRIPTION: Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broke...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-39304)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-39304 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-39304 DESCRIPTION: Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ...
JLSEC-2026-397
When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...
CVE-2026-3120
Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...
Improper Access Control
Apache Storm is vulnerable to Improper Access Control. The vulnerability is due to fail-open handling of TLS client authentication in TlsTransportPlugin, where SSLPeerUnverifiedException is suppressed and a fallback principal CN=ANONYMOUS is assigned, allowing unauthenticated clients to obtain a...
CVE-2026-7246
A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system OS commands. This could lead to unauthorized control over the affected system...