Protecting Privacy Build Trust

Protecting Privacy Build Trust
Menu
  • Contact Us
Request Demo
Protecting Privacy Build Trust

CyberSecurity

on February 18, 2026 at 9:22 am — CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. 

Leave a Comment / Threats & Vulnerabilities /

Information published. 

on February 18, 2026 at 9:22 am — CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.  Read More »

on February 18, 2026 at 9:37 am — CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability. 

Leave a Comment / Threats & Vulnerabilities /

Information published. 

on February 18, 2026 at 9:37 am — CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability.  Read More »

on February 18, 2026 at 9:30 am — CVE-2021-20270 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only contains the “exception” keyword. 

Leave a Comment / Threats & Vulnerabilities /

Information published. 

on February 18, 2026 at 9:30 am — CVE-2021-20270 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only contains the “exception” keyword.  Read More »

on February 18, 2026 at 9:02 am — CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. 

Leave a Comment / Threats & Vulnerabilities /

Information published. 

on February 18, 2026 at 9:02 am — CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.  Read More »

on February 18, 2026 at 2:00 am — Chromium: CVE-2026-2323 Inappropriate implementation in Downloads 

Leave a Comment / Threats & Vulnerabilities /

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. 

on February 18, 2026 at 2:00 am — Chromium: CVE-2026-2323 Inappropriate implementation in Downloads  Read More »

on February 17, 2026 at 4:00 pm — CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability 

Leave a Comment / Threats & Vulnerabilities /

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. 

on February 17, 2026 at 4:00 pm — CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability  Read More »

on February 18, 2026 at 2:00 am — Chromium: CVE-2026-2320 Inappropriate implementation in File input 

Leave a Comment / Threats & Vulnerabilities /

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. 

on February 18, 2026 at 2:00 am — Chromium: CVE-2026-2320 Inappropriate implementation in File input  Read More »

on February 18, 2026 at 2:00 am — Chromium: CVE-2026-2441 Use after free in CSS 

Leave a Comment / Threats & Vulnerabilities /

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild. 

on February 18, 2026 at 2:00 am — Chromium: CVE-2026-2441 Use after free in CSS  Read More »