Vulnerabilities
Vulnerable Software
Security Vulnerabilities
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.
CVSS Score
5.6
EPSS Score
0.002
Published
2026-06-16
A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.
CVSS Score
5.6
EPSS Score
0.002
Published
2026-06-16
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.
CVSS Score
5.6
EPSS Score
0.002
Published
2026-06-16
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-06-16
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.
CVSS Score
8.8
EPSS Score
0.003
Published
2026-06-16
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVSS Score
7.1
EPSS Score
0.003
Published
2026-06-16
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVSS Score
7.1
EPSS Score
0.003
Published
2026-06-16
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVSS Score
7.1
EPSS Score
0.002
Published
2026-06-16
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVSS Score
6.9
EPSS Score
0.002
Published
2026-06-16
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVSS Score
7.6
EPSS Score
0.002
Published
2026-06-16


Contact Us

Shodan ® - All rights reserved