407 matches found
CVE-2026-40454
CVE-2026-40454 affects the Apache IoTDB C++ client. The issue is an out-of-bounds read caused by improper input validation in the TsBlock deserializer, which can crash the client when processing malformed server data. Affected ranges are IoTDB C++ client: 1.3.5–1.3.7 and 2.0.5–2.0.9; upgrading to...
CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...
EUVD-2026-41005
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-2891
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
PT-2026-52991
Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP Camera affected versions not specified Description Certificate-related upload interfaces allow authenticated users to store arbitrary file content in fixed, persistent filesystem locations. The system fails to validate the...
CVE-2026-10658
A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...
CVE-2026-10658 Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS
A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...
PT-2026-48547
Name of the Vulnerable Software and Affected Versions russh versions 0.34.0 through 0.60.2 Description Several client and server message handlers decode attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer can...
CVE-2026-40951
CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...
CVE-2021-4479
Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...
CVE-2021-4479 Dräger Atlan A350 1.00 <= 1.01 DoS via Medibus Interface
Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...
CVE-2019-25723
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
Astra Linux – Vulnerability in exim4
In Exim before 4.99.2, when utf8 operators are enabled, there is a potential for out-of-bounds reading if large UTF-8 trailing characters are present malformed UTF-8 header data. Information may be disclosed within an error message generated during the processing of an unrelated email message...
PT-2026-45812
Name of the Vulnerable Software and Affected Versions Dräger Perseus A500 versions 2.00 through 2.02 Description Improper input handling allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. This can overlo...
GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion
Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...
EUVD-2023-35620
Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...