SUSE CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

DEBIAN-CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

CVE-2026-27890 Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

CVE-2026-27890

Firebird CVE-2026-27890 is a pre-auth DoS flaw. In versions prior to 5.0.4, 4.0.7 and 3.0.14, during authentication the server assumes CNCT_specific_data segments arrive in strictly ascending order. If segments arrive out of order, the Array.grow() method computes a negative size, causing a SIGSE...

USN-8104-1 flask vulnerability

Shourya Jaiswal discovered that Flask did not correctly mark certain web responses as user-specific. A remote attacker could possibly use this issue to obtain sensitive information...

CVE-2025-14806 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...

CVE-2025-71230

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...

EUVD-2019-16402

Malware in sbrugna...

CVE-2019-10541

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W,...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data during schema parsing. An attacker can execute arbitrary code by passing in malicious classes as ReflectData or SpecificData inputs to the schema parser. Details Serialization is a process of converting...

ChuanhuChatGPT 安全漏洞

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A denial of service vulnerability exists in ChuanhuChatGPT version 20240918, which can be exploited by an attacker to cause the system to...

CVE-2024-35923

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-20333

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An...

TeamPass information exposure vulnerability

TeamPass prior to 3.0.10 allows unauthenticated actors to view application-specific and user data and files by viewing an endpoint directory listing...

Information disclosure

SAP BusinessObjects Analysis edition for OLAP - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its...

CVE-2021-37216

QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data...

Cross site scripting

QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data...

Directory traversal

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...