Vuldb Updates

A vulnerability identified as critical has been detected in FirebirdSQL Firebird up to 3.0.13/4.0.6/5.0.3. The impacted element is the function xdr_datum of the component Packet Handler. Performing a manipulation results in buffer overflow. This vulnerability is identified as CVE-2026-33337. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability described as problematic has been identified in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-6491. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor confirms that they will "be removing the deprecated area in libvips 8.19".

A vulnerability was found in FirebirdSQL Firebird up to 3.x and classified as problematic. This affects an unknown part. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2025-65104. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in FirebirdSQL Firebird up to 3.0.13/4.0.6/5.0.3. This impacts the function xdr_status_vector. The manipulation results in improper handling of syntactically invalid structure. This vulnerability is reported as CVE-2026-34232. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in FirebirdSQL Firebird up to 3.0.13/4.0.6/5.0.3. The affected element is the function op_crypt_key_callback. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-28224. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in FirebirdSQL Firebird up to 3.0.13/4.0.6/5.0.3. This affects the function sdl_desc. Executing a manipulation can lead to divide by zero. This vulnerability is tracked as CVE-2026-35215. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic was found in LibRaw d20315b. This vulnerability affects the function x3f_load_huffman of the component File Handler. Such manipulation leads to integer overflow. This vulnerability is traded as CVE-2026-24660. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in FirebirdSQL Firebird up to 3.0.13/4.0.6/5.0.3. It has been rated as problematic. Impacted is the function ClumpletReader::getClumpletSize of the component Batch Handler. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-28214. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in LibRaw d20315b. Affected by this vulnerability is the function x3f_thumb_loader of the component File Handler. The manipulation leads to integer overflow. This vulnerability is documented as CVE-2026-20889. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability described as critical has been identified in LibRaw 0b56545/d20315b. Affected by this issue is the function lossless_jpeg_load_raw of the component File Handler. The manipulation results in improper validation of array index. This vulnerability is reported as CVE-2026-21413. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability classified as problematic has been found in LibRaw 8dc68e2. This affects the function uncompressed_fp_dng_load_raw of the component File Handler. This manipulation causes integer overflow. This vulnerability appears as CVE-2026-24450. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability identified as problematic has been detected in LibRaw. This impacts the function deflate_dng_load_raw of the component File Handler. Performing a manipulation results in integer overflow. This vulnerability is cataloged as CVE-2026-20884. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Linux Kernel up to 6.6.93/6.12.33/6.15.2 and classified as critical. This vulnerability affects the function phy_detach. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-38149. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.2. It has been rated as problematic. The affected element is an unknown function of the file kernel/locking/mutex.c of the component af_packet. Performing a manipulation results in improper locking. This vulnerability is reported as CVE-2025-38150. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.15.2. It has been classified as critical. Affected by this issue is the function txopt_get of the component calipso. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-38147. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.1.141/6.6.93/6.12.33/6.15.2 and classified as critical. This affects an unknown part of the component net. The manipulation leads to memory leak. This vulnerability is listed as CVE-2025-38148. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.2. Affected by this vulnerability is the function aspeed_lpc_enable_snoop of the component soc. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-38145. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.15.2. Affected by this issue is the function __be32 of the component openvswitch. Executing a manipulation can lead to improper validation of array index. This vulnerability is tracked as CVE-2025-38146. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.15.2. The impacted element is the function devm_ioremap of the component watchdog. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38144. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.15.2. This impacts the function wled_configure of the component backlight. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2025-38143. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.