3037 matches found

EUVD
added 2026/03/31 10:9 p.m. (2 views)

EUVD-2026-17713

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

CVSS 6.2, AI score 5.8, EPSS 0.00159
Exploits: 1, References: 3

OSV
added 2026/03/31 10:9 p.m. (3 views)

CVE-2026-34548 iccDEV: UB at IccUtilXml.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

CVSS 6.2, AI score 5.8, EPSS 0.00159
Exploits: 1, References: 5

ATTACKERKB
added 2026/03/31 10:9 p.m. (1 view)

CVE-2026-34548

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

CVSS 6.2, AI score 5.8, EPSS 0.00159
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/03/31 9:31 p.m. (4 views)

EUVD-2026-17614

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8, AI score 5.9, EPSS 0.00926
Exploits: 0, References: 5

NVD
added 2026/03/31 9:16 p.m. (5 views)

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8, EPSS 0.00926
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/31 8:20 p.m. (2 views)

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8, AI score 5.9, EPSS 0.00926
Exploits: 0, References: 5

CVE
added 2026/03/31 8:20 p.m. (8 views)

CVE-2026-1579

The CVE-2026-1579 issue affects PX4 Autopilot via the MAVLink protocol. Without MAVLink 2.0 message signing, unauthenticated entities with access to the MAVLink interface can send messages (including SERIAL_CONTROL, which can grant interactive shell access), potentially compromising devices that ...

CVSS 9.8, AI score 5.9, EPSS 0.00926
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/03/31 12:0 a.m. (2 views)

PT-2026-29340

Name of the Vulnerable Software and Affected Versions: PX4 Autopilot (affected versions not specified). Description: The MAVLink communication protocol, as used by PX4 Autopilot, does not require cryptographic authentication by default. Without MAVLink 2.0 message signing enabled, unauthenticated...

CVSS 9.8, AI score 5.9, EPSS 0.00926
Exploits: 0, References: 17

Positive Technologies
added 2026/03/31 12:0 a.m. (4 views)

PT-2026-29395

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccProfLib/IccIO.cpp caused by an implicit conversion from a negative signed integer to size_t (unsigned), which changes the value...

CVSS 6.2, AI score 5.8, EPSS 0.00159
Exploits: 1, References: 6

VulnCheck KEV
added 2026/03/31 12:0 a.m. (17 views)

VulnCheck KEV: CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVSS 7.8, AI score 6.3, EPSS 0.0575
In wild, Exploits: 2, References: 4

CNNVD
added 2026/03/31 12:0 a.m. (5 views)

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities. These vulnerabilities were caused by an implicit conversion from signed integers to unsigned integers in the XML...

CVSS 6.2, AI score 5.9, EPSS 0.00159
Exploits: 1, References: 4

Tenable Nessus
added 2026/03/30 12:0 a.m. (4 views)

Fedora 44 : bind / bind-dyndb-ldap (2026-19d899e92d)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-19d899e92d advisory. Update to 9.18.47 rhbz2440561 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 Source:...

CVSS 7.5, AI score 6, EPSS 0.00824
Exploits: 0, References: 2

Tenable Nessus
added 2026/03/28 12:0 a.m. (1 view)

Fedora 43 : bind / bind-dyndb-ldap (2026-b2ec0d8a47)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-b2ec0d8a47 advisory. Update to 9.18.47 rhbz2440561 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 Source:...

CVSS 7.5, AI score 7.4, EPSS 0.00824
Exploits: 0, References: 2

OSV
added 2026/03/27 6:39 p.m. (2 views)

GO-2026-4764 Unsigned SAML LogoutRequest Acceptance in gosaml2 in github.com/russellhaering/gosaml2

Unsigned SAML LogoutRequest Acceptance in gosaml2 in github.com/russellhaering/gosaml2...

AI score 5.8
Exploits: 0, References: 1

EUVD
added 2026/03/26 3:30 a.m. (3 views)

EUVD-2014-9820

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

CVSS 9.8, AI score 6.4, EPSS 0.0083
Exploits: 0, References: 3

OSV
added 2026/03/26 3:16 a.m. (5 views)

UBUNTU-CVE-2014-125112

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

CVSS 9.8, AI score 6.4, EPSS 0.0083
Exploits: 0, References: 4

NVD
added 2026/03/26 3:16 a.m. (1 view)

CVE-2014-125112

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

CVSS 9.8, EPSS 0.0083
Exploits: 0, References: 3

CVE
added 2026/03/26 2:4 a.m. (25 views)

CVE-2014-125112

CVE-2014-125112 affects Plack::Middleware::Session::Cookie for Perl, with versions through 0.21 vulnerable. The issue allows an attacker to execute arbitrary code on the server during deserialization of cookie data when there is no secret used to sign the cookie. This results in remote code execu...

CVSS 9.8, AI score 6.4, EPSS 0.0083
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2026/03/26 12:0 a.m. (4 views)

Plack::Middleware::Session::Cookie security vulnerability

Plack::Middleware::Session::Cookie is a Perl-based web session management middleware component developed by the individual developer MIYAGAWA. Versions of Plack::Middleware::Session::Cookie prior to version 0.21 contain security vulnerabilities. These vulnerabilities stem from the lack of key...

CVSS 9.8, AI score 6.1, EPSS 0.0083
Exploits: 0, References: 3

Slackware Linux
added 2026/03/25 11:59 p.m. (7 views)

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.47-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Fix unbounded NSEC3 iterations when validating referrals...

CVSS 7.5, AI score 5.8, EPSS 0.00824
Exploits: 0