102 matches found
CVE-2026-34554 iccDEV: HBO in CIccApplyCmmSearch::costFunc()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...
CVE-2026-34537
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...
CVE-2026-34542
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...
PT-2026-29386
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004211)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004211 advisory. A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout...
SUSE CVE-2020-10773
A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Libxml2
Summary The following vulnerabilities in Libxml2 have been addressed by IBM Flex System Chassis Management Module (CMM). Vulnerability Details CVEID: CVE-2020-7595 DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.
Summary The following vulnerability in PHP has been addressed by IBM Flex System Chassis Management Module (CMM). Vulnerability Details CVEID: CVE-2018-19518 DESCRIPTION: University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command by...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in PHP. Vulnerability Details CVEID: CVE-2019-9641 DESCRIPTION: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libssh2
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in libssh2. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length a...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in SQLite (CVE-2018-20346)
Summary The following vulnerability in SQLite has been addressed by IBM Flex System Chassis Management Module (CMM). Vulnerability Details CVEID: CVE-2018-20346 DESCRIPTION: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FT...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in glib2, libxml2 and ntp
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in glib2, libxml2 and ntp. Vulnerability Details CVEID: CVE-2018-16429 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in g_markup_parse_context_parse in...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in procps. Vulnerability Details CVEID: CVE-2018-1126 DESCRIPTION: procps-ng procps is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118)
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in PHP. Vulnerability Details CVEID: CVE-2018-17082 DESCRIPTION: PHP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Apache2 component. A remote...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in curl
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in curl. Vulnerability Details CVEID: CVE-2018-1000120 DESCRIPTION: curl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when handling FTP URLs. By persuading a vict...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in APR-util (CVE-2017-12613)
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerability in APR-util. Vulnerability Details CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime (APR) could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327)
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerability in NTP. Vulnerability Details CVEID: CVE-2018-12327 DESCRIPTION: NTP is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by ntpq and ntpdc. By sending an overly long stri...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600)
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in xorg-x11-libX11. Vulnerability Details CVEID: CVE-2018-14600 DESCRIPTION: X.Org libx11 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919)
Summary IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid...