3355 matches found
Security Bulletin: Integer Overflow Leading to Packet Corruption in Eclipse Paho Go MQTT, affects watsonx.data
Summary Eclipse Paho Go MQTT version 1.5.0 contains an integer overflow issue when handling UTF-8 strings longer than 65535 bytes. Improper length conversion can cause malformed MQTT packets, potentially leading to data leakage between fields e.g., topic data leaking into message body. This can...
OpenSSL 3.0.0 < 3.0.20 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.20 advisory. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bi...
CVE-2026-35167
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
PYSEC-2026-71
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
EUVD-2026-19416
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
CVE-2026-35167
CVE-2026-35167 affects Kedro. The _get_versioned_path() function constructs filesystem paths by directly interpolating user-supplied version strings, preserving traversal sequences like ../ and enabling access outside the intended versioned dataset directory. This affects multiple entry points (c...
BIT-NODE-MIN-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
BIT-NODE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
Watchr 安全漏洞
Watchr is a video recording application developed by Watchr Inc. Version 1.1.0.0 of Watchr contains a security vulnerability. This vulnerability arises from the search function’s improper handling of excessively long strings, which may allow local attackers to cause the application to crash by...
One Search 安全漏洞
One Search is a quick-start search tool developed by One Search Inc. Version 1.1.0.0 of One Search contains a security vulnerability. This vulnerability arises from the search function’s improper handling of extremely long input strings, which may allow local attackers to cause the application to...
FastTube 安全漏洞
FastTube is a third-party client provided by FastTube Corporation for watching YouTube videos. Version 1.0.1.0 of FastTube contains a security vulnerability. This vulnerability stems from the search function’s improper handling of overly long strings, which may allow local attackers to cause the...
CVE-2026-34979
A flaw was found in OpenPrinting CUPS. A remote attacker could exploit a heap-based buffer overflow by sending specially crafted job attributes when building filter option strings. This could lead to a denial of service, making the printing system unavailable. Mitigation Mitigation for this issue...
CVE-2026-34593
Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...
DEBIAN-CVE-2026-34979
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...
CVE-2026-34979
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...
Kedro: Path Traversal in versioned dataset loading via unsanitized version string
Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...
GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string
Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...
Belden GarrettCom Magnum 6K和Belden GarrettCom Magnum 10K 信任管理问题漏洞
Both the Belden GarrettCom Magnum 6K and the Belden GarrettCom Magnum 10K are modular industrial Ethernet switches produced by the American company Belden. Both devices have vulnerabilities related to trust management. These vulnerabilities stem from hardcoded strings within the authentication...