475 matches found
CVE-2026-35381 uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...
SUSE CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
CVE-2026-40334
A flaw was found in libgphoto2, a camera access and control library. A missing null terminator in the ptpunpackCanonFE function, when processing a specially crafted 13-byte filename, can lead to an out-of-bounds read. This vulnerability may allow a local attacker with physical access to cause...
CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
DEBIAN-CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
libgphoto2 安全漏洞
libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from the ptpunpackCanonFE function lacking a null terminator, which could lead to out-of-bounds read attacks...
Linux Distros Unpatched Vulnerability : CVE-2026-40334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in...
CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
CVE-2026-40334
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
EUVD-2026-23583
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
CVE-2026-40334 libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...
CLSA-2026-1776438719 Fix CVE(s): CVE-2026-32636
SECURITY UPDATE: heap buffer overflow in UTF-16 to UTF-8 conversion - debian/patches/CVE-2026-32636.patch: allocate length+1 instead of length in ConvertUTF16ToUTF8 in magick/xml-tree.c to make room for the null terminator. - CVE-2026-32636...
PT-2026-33524
Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description A missing null terminator exists in the ptp unpack Canon FE function within the camlibs/ptp2/ptp-pack.c file. The function uses strncpy to copy a filename into a 13-byte buffer without ensuring t...
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...
GHSA-P4H8-56QP-HPGV SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...
Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...
[SECURITY] [DLA 4525-1] libyaml-syck-perl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4525-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura April 09, 2026 https://wiki.debian.org/LTS -...
SUSE CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
A flaw was found in xmldom. A remote attacker can exploit this by inserting specific character sequences, known as the CDATA Character Data terminator , into a CDATASection node. When the XML is serialized, these sequences are not properly handled, allowing them to be interpreted as active XML...