Vuldb Updates

A vulnerability identified as problematic has been detected in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-2903. The attack can only be executed locally. Furthermore, there is an exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in libvips up to 8.19.0. It has been rated as problematic. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. This vulnerability is handled as CVE-2026-2913. It is possible to launch the attack on the local host. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: "[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself)."

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.10.174/5.15.102/6.1.15/6.2.2. This impacts the function vmx_vcpu_create. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2023-53756. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.15/6.2.2. It has been rated as critical. This affects the function pt_issue_pending of the component PTDMA Driver. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2023-53755. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.3.1. It has been declared as critical. The impacted element is the function lpfc_sli4_pci_mem_setup of the component scsi. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2023-53754. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.15/6.2.2. This impacts an unknown function. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2023-53753. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.29/6.3.3. The affected element is the function queue_setup. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2023-53748. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.53/6.4.15/6.5.2. Affected by this issue is the function kmalloc_reserve of the file net/core/skbuff.c of the component net. The manipulation results in integer overflow. This vulnerability was named CVE-2023-53752. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 6.3.12/6.4.3. The impacted element is the function num_configs of the component pinctrl. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2023-53750. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.27/6.2.14/6.3.1. This affects the function TCP_Server_Info::hostname of the component cifs. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-53751. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.4.239/5.10.176/5.15.105/6.1.22/6.2.9. This affects the function vfio_ap. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-53746. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.3.3. This impacts the function vcs_write of the file drivers/tty/vt/vc_screen.c. Performing a manipulation results in use after free. This vulnerability is known as CVE-2023-53747. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.4. It has been rated as critical. Impacted is the function uml_parse_vector_ifspec. The manipulation leads to unchecked return value. This vulnerability is documented as CVE-2023-53745. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in OWASP ModSecurity Core Rule Set up to 3.3.4. This impacts an unknown function of the component Content-Header Handler. Performing a manipulation results in improper access controls. This vulnerability is cataloged as CVE-2023-38199. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability identified as problematic has been detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. This vulnerability is identified as CVE-2026-2889. The attack is only possible with local access. Additionally, an exploit exists. You should upgrade the affected component.

A vulnerability has been found in D-Link DWR-M960 1.01.07 and classified as critical. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability is known as CVE-2026-2882. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in D-Link DWR-M960 1.01.07 and classified as critical. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-2883. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been classified as critical. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-2884. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been declared as critical. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability was named CVE-2026-2885. The attack may be performed from remote. In addition, an exploit is available.