Lucene search
+L

475 matches found

cvelist
cvelist
added 2026/04/22 4:9 p.m.34 views

CVE-2026-35381 uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...

3.3CVSS0.00182EPSS
Exploits1References2
susecve
susecve
added 2026/04/22 1:36 a.m.5 views

SUSE CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS5.8AI score0.00187EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/20 1:59 p.m.6 views

CVE-2026-40334

A flaw was found in libgphoto2, a camera access and control library. A missing null terminator in the ptpunpackCanonFE function, when processing a specially crafted 13-byte filename, can lead to an out-of-bounds read. This vulnerability may allow a local attacker with physical access to cause...

3.5CVSS5.5AI score0.00187EPSS
Exploits0References5
nvd
nvd
added 2026/04/18 12:16 a.m.8 views

CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS0.00187EPSS
Exploits0References2
osv
osv
added 2026/04/18 12:16 a.m.19 views

DEBIAN-CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS5.5AI score0.00187EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/18 12:0 a.m.12 views

libgphoto2 安全漏洞

libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from the ptpunpackCanonFE function lacking a null terminator, which could lead to out-of-bounds read attacks...

3.5CVSS5.8AI score0.00187EPSS
Exploits0References1
nessus
nessus
added 2026/04/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-40334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in...

3.5CVSS6.1AI score0.00187EPSS
Exploits0References4
debiancve
debiancve
added 2026/04/17 11:16 p.m.6 views

CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS5.4AI score0.00187EPSS
Exploits0
attackerkb
attackerkb
added 2026/04/17 11:16 p.m.5 views

CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/04/17 11:16 p.m.4 views

EUVD-2026-23583

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS5.8AI score0.00187EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/17 11:16 p.m.35 views

CVE-2026-40334 libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS0.00187EPSS
Exploits0References2
osv
osv
added 2026/04/17 3:12 p.m.7 views

CLSA-2026-1776438719 Fix CVE(s): CVE-2026-32636

SECURITY UPDATE: heap buffer overflow in UTF-16 to UTF-8 conversion - debian/patches/CVE-2026-32636.patch: allocate length+1 instead of length in ConvertUTF16ToUTF8 in magick/xml-tree.c to make room for the null terminator. - CVE-2026-32636...

7.5CVSS6AI score0.00475EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/17 12:0 a.m.17 views

PT-2026-33524

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description A missing null terminator exists in the ptp unpack Canon FE function within the camlibs/ptp2/ptp-pack.c file. The function uses strncpy to copy a filename into a 13-byte buffer without ensuring t...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References34
github
github
added 2026/04/14 12:4 a.m.24 views

SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh

Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...

6.1AI score
Exploits0References4Affected Software1
osv
osv
added 2026/04/14 12:4 a.m.5 views

GHSA-P4H8-56QP-HPGV SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh

Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...

8.7CVSS6.1AI score
Exploits0References4
cvelist
cvelist
added 2026/04/13 10:18 p.m.27 views

CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

6.9CVSS0.00559EPSS
Exploits1References2
nessus
nessus
added 2026/04/10 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

9.1CVSS7AI score0.00778EPSS
Exploits0References4
debian
debian
added 2026/04/09 6:38 p.m.9 views

[SECURITY] [DLA 4525-1] libyaml-syck-perl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4525-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura April 09, 2026 https://wiki.debian.org/LTS -...

9.1CVSS6.1AI score0.00429EPSS
Exploits0
susecve
susecve
added 2026/04/03 11:25 p.m.9 views

SUSE CVE-2026-34601

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

7.5CVSS5.7AI score0.00472EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/03 1:6 p.m.5 views

CVE-2026-34601

A flaw was found in xmldom. A remote attacker can exploit this by inserting specific character sequences, known as the CDATA Character Data terminator , into a CDATASection node. When the XML is serialized, these sequences are not properly handled, allowing them to be interpreted as active XML...

7.5CVSS5.9AI score0.00472EPSS
Exploits0References7
Rows per page
Query Builder