Lucene search
+L

3195 matches found

cnnvd
cnnvd
added 2026/06/03 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the netfilter nftinner module, which incorrectly calculates the transmission header...

9.1CVSS5.3AI score0.00322EPSS
Exploits0References5
nvd
nvd
added 2026/06/02 4:16 p.m.16 views

CVE-2026-10047

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

8.5CVSS0.00118EPSS
Exploits0References1
euvd
euvd
added 2026/06/02 2:17 p.m.11 views

EUVD-2026-33944

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

8.5CVSS5.9AI score0.00118EPSS
Exploits0References1
hackerone
hackerone
added 2026/06/02 9:6 a.m.25 views

curl: TFTP upload ignores --continue-at / CURLOPT_RESUME_FROM and leaks skipped local file prefix

Summary TFTP uploads ignore the configured resume offset. When a caller runs curl -C N -T file tftp://... or uses libcurl with CURLOPTUPLOAD and CURLOPTRESUMEFROM, curl should skip the first N bytes of the local source before uploading. Instead, the TFTP code sends the complete local file from by...

5.8AI score
Exploits0
nvd
nvd
added 2026/06/01 10:16 p.m.14 views

CVE-2018-25432

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

8.6CVSS0.00162EPSS
Exploits0References4
cve
cve
added 2026/06/01 9:0 p.m.21 views

CVE-2018-25432

Arm Whois 3.11 is affected by a local buffer overflow that allows code execution via exception handler hijacking. An input file crafted with a 672-byte offset can overwrite nSEH and SEH pointers, enabling arbitrary code execution when the structured exception handler is triggered. CVSS data prese...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.29 views

PT-2026-45623

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References5
mscve
mscve
added 2026/05/29 8:3 a.m.9 views

smb: client: validate dacloffset before building DACL pointers

...

9.8CVSS5.4AI score0.00675EPSS
Exploits0
nessus
nessus
added 2026/05/29 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-46195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, a...

9.8CVSS6.7AI score0.00675EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/28 2:3 p.m.16 views

CVE-2026-46195

A flaw was found in the Linux kernel's Server Message Block SMB client. A malicious server can exploit this vulnerability on 32-bit systems by providing a crafted dacloffset value. This can cause a pointer wrap, leading to the dereferencing of invalid Discretionary Access Control List DACL fields...

9.8CVSS5.5AI score0.00675EPSS
Exploits0References4
redhat
redhat
added 2026/05/28 1:35 p.m.22 views

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

9.4CVSS5.8AI score0.00337EPSS
Exploits0References5
nvd
nvd
added 2026/05/28 10:16 a.m.19 views

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS0.00128EPSS
Exploits0References7
debiancve
debiancve
added 2026/05/28 9:36 a.m.14 views

CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

9.8CVSS5.7AI score0.00675EPSS
Exploits0
euvd
euvd
added 2026/05/28 9:36 a.m.15 views

EUVD-2026-32820

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.8AI score0.00128EPSS
Exploits0References5
cve
cve
added 2026/05/28 9:36 a.m.37 views

CVE-2026-46193

CVE-2026-46193 concerns a Linux kernel xfrm AH (AH) implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References7Affected Software1
redhat
redhat
added 2026/05/28 8:47 a.m.13 views

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

9.4CVSS5.8AI score0.00337EPSS
Exploits0References5
susecve
susecve
added 2026/05/28 3:55 a.m.11 views

SUSE CVE-2026-45967

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

5.8AI score0.00107EPSS
Exploits0References3
redhat
redhat
added 2026/05/28 2:41 a.m.11 views

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

9.4CVSS5.8AI score0.00337EPSS
Exploits0References5
redhat
redhat
added 2026/05/28 2:21 a.m.19 views

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

9.4CVSS5.8AI score0.00337EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/05/27 9:14 p.m.12 views

CVE-2026-46006

A flaw was found in the Linux kernel's drm/nouveau driver. An integer overflow vulnerability exists in the nouveaugempushbufrelocapply function. This occurs when a 32-bit unsigned integer relocbooffset is used in a bounds check, and the addition of a small value can cause it to wrap around, leadi...

7.8CVSS6AI score0.00143EPSS
Exploits0References4
Rows per page
Query Builder