40 matches found
CVE-2026-45678
The CVE-2026-45678 vulnerability affects OpenTelemetry eBPF Instrumentation before version 0.9.0, where the Postgres BIND parsing logic mishandles BIND payloads that are empty or unterminated. The issue arises in the Postgres protocol parser that assumes a NUL-terminated portal name; a crafted pa...
SUSE-SU-2026:21680-1 Security update for freeipmi
This update for freeipmi fixes the following issue - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...
SUSE-SU-2026:1755-1 Security update for freeipmi
This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...
Security update for freeipmi
This update for freeipmi fixes the following issue: CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
SUSE-SU-2026:1754-1 Security update for freeipmi
This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...
CVE-2026-32952 go-ntlmssp NTLM challenges can panic on malformed payloads
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
go-ntlmssp NTLM challenges can panic on malformed payloads
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
SUSE SLES16 Security Update : freeipmi (SUSE-SU-2026:21212-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21212-1 advisory. This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer...
Security update for freeipmi (important)
openSUSE security update: security update for freeipmi ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20556-1 Rating: important References: bsc1260414 Cross-References: CVE-2026-33554 CVSS scores: CVE-2026-33554 SUSE : 7.6...
GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the rtpqdm2depay component allows a remote attacker to execute arbitrary code. The flaw occurs due to insufficient validation of user-supplied data length during the processing of X-QDM Real-time Transport Protocol RT...
SUSE-SU-2026:21231-1 Security update for freeipmi
This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...
SUSE-SU-2026:21212-1 Security update for freeipmi
This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...
SUSE CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
BIT-COSIGN-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
EUVD-2026-19919
Cosign's verify-blob-attestation reports false positive when payload parsing fails...
Missing Report of Error Condition
Overview github.com/sigstore/cosign/cmd/cosign/cli/verify is a package that aims to make signatures invisible infrastructure. Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without --check-claims flag. An...
Missing Report of Error Condition
Overview Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without --check-claims flag. An attacker can cause the system to incorrectly report successful verification of attestations with malformed payloads or...
CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
DEBIAN-CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
UBUNTU-CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...