CVE-2026-23323

CVE-2026-23323 concerns the Linux kernel macsmc-hwmon driver on Apple Silicon. The issue stems from two concrete bugs: (1) sensor population logic using the wrong prefix (volt- vs voltage-) and mis-assigning sensors from the voltage array to the temperature array, risking out-of-bounds access or ...

CVE-2026-23323 hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver

In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...

EUVD-2019-19969

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

CVE-2019-25614

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

CVE-2019-25614 Free Float FTP 1.0 STOR Command Remote Buffer Overflow

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

CVE-2019-25614

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

CVE-2019-25614

Free Float FTP 1.0 has a remote buffer overflow in the STOR command handler that allows code execution via a crafted oversized STOR payload. An attacker can authenticate with anonymous credentials and send 247 bytes of padding followed by a return address and shellcode to trigger execution on the...

CVE-2019-25614 Free Float FTP 1.0 STOR Command Remote Buffer Overflow

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

PT-2026-27002

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

Free Float FTP 缓冲区错误漏洞

Free Float FTP is an FTP server software developed by Free Float Corporation. Version 1.0 of Free Float FTP contains a buffer overflow vulnerability. This vulnerability stems from the STOR command processor’s buffer overflow issue, which may allow remote attackers to execute arbitrary code by...

CVE-2026-23747

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

CVE-2026-23747 Golioth Firmware SDK < 0.22.0 Payload Utils Stack-based Buffer Overflow

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

PT-2026-22166

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth payload as int and golioth payload as float helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived...

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CVE-2026-1837 libjxl: Out-of-bounds write in grayscale color transformation when using LCMS2

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CVE-2026-25582

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow read vulnerability in CIccIO::WriteUInt16Float when converting malformed XML to ICC profiles via...

CVE-2026-25582 iccDEV vulnerable to Heap Buffer Overflow in CIccIO::WriteUInt16Float()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow read vulnerability in CIccIO::WriteUInt16Float when converting malformed XML to ICC profiles via...

CVE-2026-25582

iccDEV contains a heap-based read buffer overflow in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via the iccFromXml tool. Affected versions are prior to 2.3.1.3. The issue has been patched in version 2.3.1.3. Remediation is to upgrade to 2.3.1.3 or later. Exploitation...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.3 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the CIccTagFloatNum::GetValues function, which could...

DEBIAN-CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...