39 matches found
CVE-2026-46639
Twig 3.24.0–3.26.0 contains a sandbox bypass in object-destructuring assignment: CoreExtension::getAttribute() is called with sandboxed flag set to false, bypassing security policy checks and allowing a sandboxed template to read public properties or call public getters on objects. The issue is f...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the POJOPropertiesCollector.renameProperties and BeanDeserializerFactory.addBeanProps methods, which rename rather than drop a property whose getter carri...
CVE-2026-44710
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisksdrivegetserial, udisksdrivegetvendor, and udisksdrivegetmodel directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...
EUVD-2026-32370
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: fix recursive pcilockrescanremove locking in EEH event handling The recent commit 1010b4c012b0 "powerpc/eeh: Make EEH driver device hotplug safe" restructured the EEH driver to improve synchronization with the PCI...
CVE-2026-45904
The CVE-2026-45904 issue affects the Linux kernel’s PowerPC EEH driver, where a restructuring workaround caused a recursive lock scenario around pci_lock_rescan_remove. The problem arose when EEH event handling briefly acquired the PCI bus lock while eeh_pe_bus_get() could also attempt the same l...
CLSA-2026-1779127797 libpng15: Fix of CVE-2026-34757
CVE-2026-34757: Use snapshot-before-free and defer-free patterns to prevent use-after-free when a caller passes a pointer obtained from pnggetPLTE, pnggettRNS, pnggethIST, pnggettext, pnggetsPLT, or pnggetunknownchunks back into the corresponding setter issues 836 and 837...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.2 had a security vulnerability. This vulnerability stemmed from the neutralizeArraySpeciesBatch method...
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...
CLSA-2026-1773830791 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix out-of-bounds read in sftpextensionsgetname and sftpextensionsgetdata when idx equals the extension count...
kernel: smb: client: Add check for next_buffer in receive_encrypted_standard()
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
CVE-2025-39693
CVE-2025-39693: In the Linux kernel, the vuln affects the DRM AMD display path (drm/amd/display) where NULL pointers could be dereferenced via drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state(). The description states the root cause is that these functions can return NUL...
CVE-2025-21844 smb: client: Add check for next_buffer in receive_encrypted_standard()
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
DEBIAN-CVE-2024-38573
In the Linux kernel, the following vulnerability has been resolved: cppccpufreq: Fix possible null pointer dereference cppccpufreqgetrate and hisicppccpufreqgetrate can be called from different places with various parameters. So cpufreqcpuget can return null as 'policy' in some circumstances. Fix...
UBUNTU-CVE-2023-52680
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to ctlget The ctlget functions which call scarlett2update were not checking the return value. Fix to check the return value and pass to the caller...
Prototype Pollution
plotly.js is vulnerable to Prototype pollution. The vulnerability is caused due to missing validation against the proto attribute and other internal getters and setters. An attacker can pollute the prototype with properties containing harmful values, which is subsequently used by application...
Information Disclosure
@strapi/utils, @strapi/strapi and @strapi/database is vulnerable to Information Disclosure. The vulnerability exists due to the use of getters for private attributes which allows an attacker to view sensitive attributes because the privateAttributes may be removed unintentionally...
SUSE CVE-2013-1737
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass...
SUSE CVE-2014-1481
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...
SUSE CVE-2016-1679
The ToV8Value function in content/child/v8valueconverterimpl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via...
UniswapConfig getters return wrong token config if token config does not exist
Handle @cmichelio Vulnerability details Vulnerability Details The UniswapConfig.getTokenConfigBySymbolHash function does not work as getSymbolHashIndex returns 0 if there is no config token for that symbol uninitialized map value, but the outer function implements the non-existence check with -1...