641 matches found
CVE-2026-35215 Firebird: DoS via malicious slice descriptor in slice packet
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...
CVE-2026-28212
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...
EUVD-2026-23462
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...
PT-2026-33484
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl desc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causin...
Linux Distros Unpatched Vulnerability : CVE-2026-35444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are us...
DEBIAN-CVE-2026-35444
SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...
CVE-2026-35444
The CVE-2026-35444 issue affects SDL_image’s XCF loader (src/IMG_xcf.c). In do_layer_surface(), pixel indices from decoded XCF tile data are used directly as colormap indices without validating against cm_num, enabling heap out-of-bounds reads (up to 762 bytes past the colormap allocation) for bo...
CVE-2026-35444 SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader
SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...
CVE-2026-35444
SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...
CVE-2026-35413 Directus GraphQL Schema SDL Disclosure Setting
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...
CVE-2026-35413 Directus GraphQL Schema SDL Disclosure Setting
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...
CVE-2026-35413
Directus CVE-2026-35413 exposes schema structure via the server_specs_graphql resolver on /graphql/system when GRAPHQL_INTROSPECTION is false. Multiple trusted sources (Directus advisories, Red Hat, OSV, Snyk, etc.) confirm that before version 11.16.1, SDL-style schema data could be retrieved by ...
CVE-2026-35413 Directus GraphQL Schema SDL Disclosure Setting
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint...
GHSA-WXWM-3FXV-MRVX Directus: GraphQL Schema SDL Disclosure Setting
Summary When GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same...
[SECURITY] Fedora 43 Update: SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc43
SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...
[SECURITY] Fedora 44 Update: SDL2_sound-2.0.5^20260117git1be041b-1.fc44
SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...
openSUSE 16 Security Update : freerdp (openSUSE-SU-2026:20339-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20339-1 advisory. Update to version 3.22.0 jscPED-15526: - Major bugfix release: Complete overhaul of SDL client Introduction of new WINPRATTRNODISCARD macro...
OPENSUSE-SU-2026:20339-1 Security update for freerdp
This update for freerdp fixes the following issues: Update to version 3.22.0 jscPED-15526: + Major bugfix release: Complete overhaul of SDL client Introduction of new WINPRATTRNODISCARD macro wrapping compiler or C language version specific nodiscard attributes Addition of WINPRATTRNODISCARD to...
Fedora 45 : SDL3_sound (2026-6887ad5a22)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6887ad5a22 advisory. Automatic update for SDL3sound-3.0.020260117gitb00e4a3-1.fc45. Changelog Thu Mar 5 2026 Dominik 'Rathann' Mierzejewski - 3.0.020260117gitb00e4a3-1 - update t...
Linux Distros Unpatched Vulnerability : CVE-2026-27950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is...