CVE-2026-9259

Publié : 16 juin 2026

Modifié : 16 juin 2026

Lien officiel NVD

Score CVSS

6.5

MEDIUM

Description détaillée

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Références et Patchs

https://canon.jp/support/support-info/260615vulnerability-response https://psirt.canon/advisory-information/cp2026-005/https://www.canon-europe.com/support/product-security/https://www.usa.canon.com/about-us/to-our-customers/cpa2026-005-vulnerability-remediation-for-eos-network-setting-tool

Dernières Vulnérabilités

CVE-2026-42014

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

VOIR DÉTAILS

CVE-2026-1767

A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.

VOIR DÉTAILS

CVE-2026-1766

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.

VOIR DÉTAILS