1269 matches found
CVE-2026-21676
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
CVE-2026-21676 iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
CVE-2026-21676 iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
EUVD-2026-1151
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
CVE-2026-21676
ICCDev iccDEV contains a Heap-based Buffer Overflow in CIccMBB::Validate that affects versions 2.3.1 and earlier. The issue is fixed in version 2.3.1.1. This CVE-2026-21676 entry is supported by Red Hat and NVD descriptions, identifying the vulnerable component and the fixed version. Remediation:...
CVE-2026-21676 iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
iccDEV 安全漏洞
iccDEV is a color configuration codebase open-sourced by the International Color Consortium ICC. A security vulnerability exists in iccDEV 2.3.1 and earlier versions, which stems from a heap buffer overflow in the CIccMBB::Validate function, which could lead to a heap buffer overflow attack...
PT-2026-1406
Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.1 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Heap-based Buffer Overflow in the CIccMBB::Validate function, which is...
PT-2026-1325
Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...
CVE-2025-66398
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
CVE-2025-66023
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free UAF vulnerability within the MQTT bridge client component implemented via the underlying NanoNNG library. The vulnerability is triggered when NanoMQ acts as a bridge connecting ...
GHSA-W3X5-7C4C-66P9 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Summary An unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files e.g., security.json,...
CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
CVE-2025-66398
Summary (CVE-2025-66398) : Signal K Server (signalk-server) before version 2.19.0 is vulnerable to unauthenticated state pollution via the /skServer/validateBackup endpoint. An attacker can pollute the global restoreFilePath, hijack the administrator’s Restore workflow, and overwrite critical con...
Improper Control of Interaction Frequency
Overview django-phone-verify is an A Django app to support phone number verification using security code sent via SMS. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to the absence of failed attempt tracking and lockout mechanisms in the...
CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...
CVE-2025-15280
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
EUVD-2022-55839
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...
CVE-2023-54300
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...
CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...