CVE-2026-30984 iccDEV has a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence causing an application crash. This vulnerability is fixed in 2.3.1.5...

iccDEV 输入验证错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained a vulnerability related to input validation errors. This vulnerability stemmed from a heap out-of-bound read in the...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained security vulnerabilities. These vulnerabilities were caused by invalid or wild pointer readings in the CIccCalculatorFunc::ApplySequence functio...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

DEBIAN-CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

UBUNTU-CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2967 Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2967

The CVE-2026-2967 entry describes a vulnerability in Cesanta Mongoose up to version 7.20, specifically in the getpeer function of /src/net_builtin.c within the TCP Sequence Number Handler. The underlying issue is improper verification of the source of a communication channel, potentially enabling...

PT-2026-21494

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiat...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

Security Advisory 0134

Security Advisory 0134 PDF Date: February 17, 2026 Revision | Date | Changes ---|---|--- 1.0 | February 17, 2026 | Initial release The CVE-ID tracking this issue: CVE-2026-2379 CVSSv3.1 Base Score: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Common Weakness Enumeration: CWE-672: Operation on...

SUSE CVE-2026-23168

In the Linux kernel, the following vulnerability has been resolved: flexproportions: make fpropnewperiod hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: runtimersoftirq - we are in softirq context calltimerfn...

SUSE CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

CVE-2026-23202

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing currxfer in the combined sequence transf...

UBUNTU-CVE-2026-23202

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing currxfer in the combined sequence transf...

CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...