11 matches found
EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2319)
According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an...
JLSEC-2026-462
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append would allocate too little...
ALPINE-CVE-2026-34743
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append would allocate too little...
CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append would allocate too little...
CVE-2026-34743
XZ Utils contains a vulnerability (CVE-2026-34743) in lzma_index_append() when decoding an empty index with lzma_index_decoder(), which could leave the index in a state that permits a buffer overflow. The issue affects versions prior to 5.8.3; a patch is available in 5.8.3. Affected component is ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000383)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000383 advisory. A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impac...
DEBIAN-CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
WordPress plugin SQL injection vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress has a SQL injection vulnerability in versions prior to 5.8.3, which stems from the lack of validation of externally...
Linux kernel information disclosure vulnerability (CNVD-2020-51796)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel before version 5.8.3, which stems from a TOCTOU mismatch in the NFS client code. An attacker can exploit...
Fork CMS Cross-Site Scripting Vulnerability (CNVD-2020-31119)
Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A cross-site scripting vulnerability exists in Fork versions prior to 5.8.3. The vulnerability stems from the lack of proper validation of...
New Relic for iOS Agent Denial of Service Vulnerability
New Relic for iOS Agent is a suite of cloud-based application monitoring and management platforms running on iOS and based on SaaS (Software as a Service) from New Relic. A denial of service vulnerability exists in New Relic for iOS Agent versions prior to 5.8.3. An attacker could exploit this...