17015 matches found
CVE-2026-59860
Kiota is an OpenAPI-based HTTP client code generator. Prior to 1.32.3, it is affected by a code-generation injection in the C# XML documentation-comment sink when OpenAPI descriptions are written into single-line /// comments without stripping newline/Unicode terminators, allowing injection into ...
UBUNTU-CVE-2026-38753
A use-after-free in the awksub function editors/awk.c of Busybox...
CVE-2026-38752
A stack overflow in the evaluate function editors/awk.c of BusyBox commit 371fe9 allows attackers to cause a Denial of Service DoS via supplying a crafted AWK script...
PT-2026-60313
Name of the Vulnerable Software and Affected Versions Busybox version 1.38.0 Description A heap overflow occurs in the ifsbreakup function located in shell/ash.c. This issue allows attackers to cause a Denial of Service DoS by providing a specially crafted input. A heap overflow is a memory...
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44
Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...
CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...
[SECURITY] Fedora 44 Update: c-ares-1.34.7-1.fc44
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
UBUNTU-CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
CVE-2026-59858
Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...
glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width
A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...
Moderate: Red Hat Security Advisory: compat-glibc security update
An update for compat-glibc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
CVE-2026-33630
A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...
EUVD-2026-42275
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...
OPENSUSE-SU-2026:11210-1 cargo-c-0.10.23-1.1 on GA media
These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed...
c-ares: c-ares: Use-after-free / double-free in query-completion handling
A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: c-ares: c-ares-1.34.7-1.hum1 aarch64, x8664 c-ares-devel-1.34.7-1.hum1 aarch64, x8664 c-ares-1.34.7-1.hum1.src src...
Linux Distros Unpatched Vulnerability : CVE-2026-33630
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - c-ares - None Red Hat Enterprise Linux - c-ares: c-ares: Use-after-free / double-free in query-completion handling Ubuntu Linux - Unknown...