4 matches found
CVE-2026-53550
js-yaml vulnerability CVE-2026-53550 stems from the merge-key handling (<<) in lib/loader.js, causing quadratic parse-time DoS when processing crafted YAML with repeated aliases prior to version 4.2.0. Affected: js-yaml
EUVD-2026-23496
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47742)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47742 advisory. - In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Mos...
RW-4040 driver installer may insecurely load Dynamic Link Libraries
Overview RW-4040 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reporte...