15 matches found
CVE-2026-45083 Goobi viewer: Unauthenticated Solr Streaming Expression Proxy
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...
CVE-2026-45083
Goobi viewer (4.8.0–26.04.0/1) exposed a vulnerable REST endpoint POST /api/v1/index/stream that accepted arbitrary Solr streaming expressions from unauthenticated clients and forwarded them to the backend Solr server without restriction. This allowed reading the complete Solr index and, in defau...
rsync: Rsync: Out of bounds array access via negative index
An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...
GHSA-2RGP-F66F-4499 Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Summary: The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...
PT-2026-40722
Name of the Vulnerable Software and Affected Versions: Goobi viewer versions 4.8.0 through 26.04.0. Description: The REST endpoint "POST /api/v1/index/stream" accepts arbitrary Solr streaming expressions from unauthenticated network clients and forwards them to the backend Solr server without...
PT-2025-8862
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.10 through 6.11. Description: A vulnerability in the Linux kernel has been identified, specifically in the brcmfmac driver. The issue arises when the of_property_read_string_index function returns an uninitialized value,...
AZL-49977 CVE-2024-46821 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read. Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check Tim Huang...
PT-2024-7191
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.8. Description: The issue is related to a negative array index read in the Linux kernel, specifically in the drm/amd/pm module. The problem arises from using negative values for clk_idex as an index into an...
SUSE CVE-2018-8099
Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file...
DEBIAN-CVE-2020-11019
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0...
CVE-2018-7794
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP...
UBUNTU-CVE-2018-8098
Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file...
Libgit2 Integer Overflow Vulnerability
libgit2 is a portable, pure C implementation of the Git core development kit; you can use it to write custom Git applications. An integer overflow vulnerability exists in the index.c:read_entry function in versions of libgit2 prior to 0.26.2 when decompressing the length of a compressed prefix. ...
libgit2 Double Release Vulnerability
libgit2 is a portable, pure C implementation of the Git core development kit; you can use it to write custom Git applications. A double release vulnerability exists in versions of libgit2 prior to 0.26.2. The vulnerability arises because the index.c:read_entry function fails to return the correc...
OracleVM 3.3 : xen (OVMSA-2015-0067)
The remote OracleVM system is missing necessary patches to address critical security updates: - x86/traps: loop in the correct direction in compat_iret This is XSA-136. CVE-2015-4164 - pcnet: force the buffer access to be in bounds during tx 4096 is the maximum length per TMD and it is also...