SUSE CVE-2026-40338

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

SUSE CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530-563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48-56, up to 9 byt...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1532-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1532-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues The following security issues were fixed: -...

Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy managemen...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet9.0: aspnetcore-runtime-9.0-9.0.15-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-9.0-9.0.15-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-9.0-9.0.15-1.hum1 aarch64, x8664...

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Engineering Test Management are affected by cross-site scripting (CVE-2025-12635)

Summary IBM WebSphere Application Server is affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. Following IBM® Engineering Lifecycle Management...

Security Bulletin: IBM Engineering Lifecycle Management products using IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...

Malicious code in @tushar-br/editing-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a4d5659346f95e443d4a8b6883c51f081de5eb6989f8f6731327eb34ed9c64 The package @tushar-br/editing-pack was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2936 Malicious code in @tushar-br/editing-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a4d5659346f95e443d4a8b6883c51f081de5eb6989f8f6731327eb34ed9c64 The package @tushar-br/editing-pack was found to contain malicious code. Source: ghsa-malware...

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)

Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 6.4.2.24 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

libgphoto2 安全漏洞

libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from two functions in camlibs/ptp2/ptp-pack.c that allowed unbounded reading, potentially leading to...

CVE-2026-40339

libgphoto2

EUVD-2026-23607

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

CVE-2026-40339 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() FormFlag parsing in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

CVE-2026-40338 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

CVE-2026-40338 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

CVE-2026-40338

libgphoto2 up to 2.5.33 contains an out-of-bounds read in PTP_DPFF_Enumeration within ptp_unpack_Sony_DPD() in camlibs/ptp2/ptp-pack.c (line 856). The function reads a 2-byte enumeration count N via dtoh16o(data, *poffset) without ensuring enough bytes remain. The standard ptp_unpack_DPD() (line ...

CVE-2026-40336 libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...