411 matches found
CVE-2026-40454
CVE-2026-40454 affects the Apache IoTDB C++ client. The issue is an out-of-bounds read caused by improper input validation in the TsBlock deserializer, which can crash the client when processing malformed server data. Affected ranges are IoTDB C++ client: 1.3.5–1.3.7 and 2.0.5–2.0.9; upgrading to...
CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...
EUVD-2026-41005
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-2891
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
PT-2026-52991
Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP Camera affected versions not specified Description Certificate-related upload interfaces allow authenticated users to store arbitrary file content in fixed, persistent filesystem locations. The system fails to validate the...
Astra Linux – Vulnerability in exim4
In Exim before 4.99.2, when utf8 operators are enabled, there is a vulnerability where an out-of-bounds read can occur if large UTF-8 trailing characters are present malformed UTF-8 header data. Information may be disclosed within an error message generated during the processing of an unrelated...
CVE-2026-10658
btisorecv in subsys/bluetooth/host/iso.c pulled the ISO SDU header 4 bytes or, when the timestamp flag is set, the timestamped SDU header 8 bytes from the inbound HCI ISO Data buffer via netbufpullmem without first checking buf-len. The upstream hciiso handler enforces buf-len == the...
CVE-2026-10658 Out-of-bounds access in Bluetooth ISO receive (`bt_iso_recv`) due to missing SDU-header length validation
btisorecv in subsys/bluetooth/host/iso.c pulled the ISO SDU header 4 bytes or, when the timestamp flag is set, the timestamped SDU header 8 bytes from the inbound HCI ISO Data buffer via netbufpullmem without first checking buf-len. The upstream hciiso handler enforces buf-len == the...
CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
PT-2026-48547
Name of the Vulnerable Software and Affected Versions russh versions 0.34.0 through 0.60.2 Description Several client and server message handlers decode attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer can...
CVE-2026-40951
CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...
CVE-2021-4479
Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...
CVE-2021-4479 Dräger Atlan A350 1.00 <= 1.01 DoS via Medibus Interface
Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...
CVE-2019-25723
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
PT-2026-45812
Name of the Vulnerable Software and Affected Versions Dräger Perseus A500 versions 2.00 through 2.02 Description Improper input handling allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. This can overlo...
GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion
Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...