7 matches found
UBUNTU-CVE-2026-53307
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...
CVE-2026-46721
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...
CVE-2025-42895 Code Injection vulnerability in SAP HANA JDBC Client
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
Mattermost fails to properly validate post props
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...
Apache NiFi Insufficient Property Validation vulnerability
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...
Updated iceape package fixes security vulnerabilities
When the oxygen-gtk was active and iceape tried to draw a menu for example after a mouse down event on the menu bar, a segmentation fault was triggered causing iceape to crash. The oxygen-gtk theme engine contains a solution for this problem, this is now enabled for iceape. MGA 12978 Mozilla...