CVE-2026-22879

Publié : 25 juin 2026

Modifié : 26 juin 2026

Lien officiel NVD

Score CVSS

8.1

HIGH

Description détaillée

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2366 https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2366

Dernières Vulnérabilités

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.

VOIR DÉTAILS

CVE-2026-9221

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the session ID exposed, an attacker could impersonate the legitimate user and issue authenticated API requests.

VOIR DÉTAILS

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.

VOIR DÉTAILS