107 matches found
SUSE-SU-2026:20822-1 Security update for systemd
This update for systemd fixes the following issues: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid...
EUVD-2026-12995
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...
CVE-2026-4407
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...
UBUNTU-CVE-2026-4407
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...
CVE-2026-4407
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...
CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 due to missing validation
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...
Xpdf 安全漏洞
Xpdf is a free PDF viewer and toolkit provided by Xpdf Inc., including text extractors, image converters, HTML converters, etc. Versions of Xpdf 4.06 and earlier have security vulnerabilities, which stem from improper validation of the N field in the ICC based color space, potentially leading to...
PT-2026-26161
CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces. https://t.co/6EPmHSJwhy...
CVE-2026-29085
CVE-2026-29085 – Hono SSE field-injection risk . IBM reports that the Hono-based Node.js module used by IBM App Connect Enterprise contains a vulnerability in streamSSE() within Streaming Helper prior to 4.12.4, where event, id, and retry fields were not validated for CR/LF characters. Since SSE ...
Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()
Summary When using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if...
Kruise 代码问题漏洞
Kruise is an open-source application developed by OpenKruise. Versions of Kruise prior to 1.8.3 and 1.7.5 contained code vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the Host field in the PodProbeMarker’s webhook validation, which could allow attackers with...
Unity Linux 20.1060e / 20.1070e Security Update: wireshark (UTSA-2026-005364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005364 advisory. In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msgdlmap.c by...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2024-2105
CVE-2024-2105 concerns JBL Bluetooth audio devices where an unauthorised nearby attacker can trigger a deadlock during BLE connection requests due to improper validation of the ICM field. Related records reference JBL products but do not disclose exact affected versions, exploit details, or remed...
CVE-2024-2105 JBL: Improper validation of ICM field in connection requests
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...
CVE-2022-50671
CVE-2022-50671 : In the Linux kernel, the RDMA/rxe path had a NULL pointer dereference during rxe_queue_init failure. Specifically, when rxe_qp_init_req fails, qp->req.task.func and qp->req.task.arg may remain uninitialized. If qp creation subsequently fails, rxe_create_qp invokes rxe_qp_do...
Siemens RUGGEDCOM ROX II 注入漏洞
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that stems from insufficient validation of SCEP client fields, which can be exploited by an attacker to cause execution of arbitrary...
BACnet Test Server 资源管理错误漏洞
BACnet Test Server is a testing tool for BACnet protocol devices from BACnet USA. A resource management error vulnerability exists in BACnet Test Server version 1.01 and prior versions that stems from failure to properly validate the BVLC Length field in BACnet/IP BVLC packet processing, which...
EUVD-2007-4357
Malware in sbrugna...
EUVD-2008-5373
Malware in sbrugna...