Threats Tagged 'gcve'

Red Hat has issued a security advisory for an update to Red Hat Hardened Images RPMs addressing CVE-2026-11850 in the krb5 packages. The update includes multiple krb5-related RPMs for aarch64 and x86_64 architectures. The vulnerability is associated with CWE-191. No CVSS score is provided, and no known exploits are reported in the wild.

A security update for qemu addresses multiple vulnerabilities including unbounded memory allocation, out-of-bounds heap access, heap buffer overflow, integer overflow, and information leaks. These issues affect various components such as virtio-crypto, virtio-snd, VMDK file processing, and hyperv/syndbg. The vulnerabilities can lead to denial of service, potential memory corruption, information disclosure, and host out-of-bounds writes.

A security update for Python addresses multiple vulnerabilities including directory traversal during wheel archive extraction, improper ZIP file validation in pip, incomplete command injection mitigation in webbrowser.open(), insufficient neutralization of embedded characters in BaseCookie.js_output(), use-after-free leading to arbitrary code execution or information disclosure in decompression modules, and pip self-update importing newly installed modules improperly. These issues collectively pose a high risk to affected systems. The update also includes a change for SLE-12-SP1 to use a vendored libffi version.

A security update for GraphicsMagick addresses a stack buffer overflow vulnerability in the XTileImage function identified as CVE-2026-42050. This vulnerability could potentially allow memory corruption via a stack buffer overflow. The issue is fixed by the update provided by the SUSE Product Security Team. No known exploits are reported in the wild. The severity is assessed as medium based on the available information.

CVE-2026-52860 is a vulnerability in Vim version 3.0 involving arbitrary code execution via Python omni-completion. The vulnerability is categorized under CWE-94, indicating code injection or execution issues. No CVSS score is provided, and no known exploits are reported in the wild. There is no information about available patches or vendor advisories specifying remediation. The affected version explicitly stated is Vim 3.0.

CVE-2026-52859 is an out-of-bounds read vulnerability in Vim related to terminal screen snapshot functionality. It affects version 3.0 of the software. The vulnerability is categorized under CWE-125, indicating a bounds check error. No CVSS score or detailed impact information is provided. There are no known exploits in the wild and no patch or remediation information is available at this time.

A vulnerability identified as CVE-2026-47167 affects Vim version 3.0, involving code injection in the Vimscript via a crafted step-definition regex in the cucumber filetype plugin. This vulnerability relates to CWE-94, indicating improper control of code generation or execution. No CVSS score is provided, and no known exploits are reported in the wild. There is no information about available patches or fixes.

CVE-2026-47162 is a vulnerability in Vim version 3.0 involving code injection through the netrw plugin's NetrwBookHistSave() function when processing crafted directory names. This vulnerability is categorized under CWE-74, indicating improper neutralization of code elements. No patch or remediation information is currently provided, and no known exploits are reported in the wild. The vulnerability affects exactly version 3.0 of Vim.

CVE-2026-45445 is a vulnerability in Microsoft product version 3.0 where the AES-OCB encryption mode's initialization vector (IV) is ignored when using the EVP_Cipher() function path. This issue relates to improper use of cryptographic parameters, classified under CWE-325. No patch or fix information is currently provided, and no known exploits are reported in the wild.

CVE-2026-34183 is a vulnerability in Microsoft software version 3.0 involving unbounded memory growth in the QUIC PATH_CHALLENGE handler. This issue relates to improper memory management that could lead to excessive memory consumption. No CVSS score is provided, and no known exploits are reported in the wild. There is no information about an available patch or remediation from the vendor advisory. The affected version explicitly stated is version 3.0.