Lucene search
+L

641 matches found

OSV
OSV
added 2026/04/17 6:59 p.m.3 views

CVE-2026-35215 Firebird: DoS via malicious slice descriptor in slice packet

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS7AI score0.00466EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:5 p.m.3 views

CVE-2026-28212

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/17 6:5 p.m.4 views

EUVD-2026-23462

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33484

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl desc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causin...

7.5CVSS5.7AI score0.00466EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are us...

7.1CVSS7.1AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/04/06 10:16 p.m.5 views

DEBIAN-CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

6.1CVSS5.4AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 9:44 p.m.80 views

CVE-2026-35444

The CVE-2026-35444 issue affects SDL_image’s XCF loader (src/IMG_xcf.c). In do_layer_surface(), pixel indices from decoded XCF tile data are used directly as colormap indices without validating against cm_num, enabling heap out-of-bounds reads (up to 762 bytes past the colormap allocation) for bo...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 9:44 p.m.2 views

CVE-2026-35444 SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/06 9:44 p.m.8 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/06 9:34 p.m.1 views

CVE-2026-35413 Directus GraphQL Schema SDL Disclosure Setting

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 9:34 p.m.3 views

CVE-2026-35413 Directus GraphQL Schema SDL Disclosure Setting

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References3
CVE
CVE
added 2026/04/06 9:34 p.m.32 views

CVE-2026-35413

Directus CVE-2026-35413 exposes schema structure via the server_specs_graphql resolver on /graphql/system when GRAPHQL_INTROSPECTION is false. Multiple trusted sources (Directus advisories, Red Hat, OSV, Snyk, etc.) confirm that before version 11.16.1, SDL-style schema data could be retrieved by ...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 9:34 p.m.28 views

CVE-2026-35413 Directus GraphQL Schema SDL Disclosure Setting

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...

5.3CVSS0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/04/04 6:10 a.m.21 views

GHSA-WXWM-3FXV-MRVX Directus: GraphQL Schema SDL Disclosure Setting

Summary When GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References3
Fedora
Fedora
added 2026/03/14 2:20 a.m.6 views

[SECURITY] Fedora 43 Update: SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc43

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

5.5CVSS5.8AI score0.00147EPSS
Exploits0
Fedora
Fedora
added 2026/03/14 12:17 a.m.7 views

[SECURITY] Fedora 44 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc44

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

5.5CVSS5.8AI score0.00147EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.15 views

openSUSE 16 Security Update : freerdp (openSUSE-SU-2026:20339-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20339-1 advisory. Update to version 3.22.0 jscPED-15526: - Major bugfix release: Complete overhaul of SDL client Introduction of new WINPRATTRNODISCARD macro...

9.8CVSS6.9AI score0.0375EPSS
Exploits22References120
OSV
OSV
added 2026/03/10 12:34 p.m.3 views

OPENSUSE-SU-2026:20339-1 Security update for freerdp

This update for freerdp fixes the following issues: Update to version 3.22.0 jscPED-15526: + Major bugfix release: Complete overhaul of SDL client Introduction of new WINPRATTRNODISCARD macro wrapping compiler or C language version specific nodiscard attributes Addition of WINPRATTRNODISCARD to...

9.8CVSS6AI score0.0375EPSS
Exploits22References76
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.8 views

Fedora 45 : SDL3_sound (2026-6887ad5a22)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6887ad5a22 advisory. Automatic update for SDL3sound-3.0.020260117gitb00e4a3-1.fc45. Changelog Thu Mar 5 2026 Dominik 'Rathann' Mierzejewski - 3.0.020260117gitb00e4a3-1 - update t...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is...

8.7CVSS5.9AI score0.00427EPSS
Exploits0References4
Rows per page
Query Builder