Lucene search
+L

334 matches found

redhat
redhat
added 2026/07/09 5:24 p.m.12 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS6.1AI score0.00502EPSS
Exploits1References7
redhat
redhat
added 2026/06/30 12:6 a.m.8 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00502EPSS
Exploits1References7
redhat
redhat
added 2026/06/29 9:14 p.m.5 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00502EPSS
Exploits1References7
redhat
redhat
added 2026/06/29 8:26 p.m.6 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00502EPSS
Exploits1References7
redhat
redhat
added 2026/06/29 6:1 p.m.5 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00502EPSS
Exploits1References7
redhat
redhat
added 2026/06/29 4:27 p.m.9 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00502EPSS
Exploits1References7
attackerkb
attackerkb
added 2026/06/25 7:59 p.m.7 views

CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/06/25 7:59 p.m.20 views

CVE-2026-10097

Summary: CVE-2026-10097 affects wolfSSL’s ML-KEM-1024 x64 AVX2 implementation. The Fujisaki-Okamoto decapsulation path performs an incomplete ciphertext check, failing to compare the final portion of the 1568-byte ciphertext. As a result, ciphertexts manipulated in those final bytes can bypass im...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/25 7:59 p.m.36 views

CVE-2026-10097 ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS0.00161EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.17 views

PT-2026-52560

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The AVX2-optimized ML-KEM implementation contains a logic error in the mlkem cmp avx2 function during the Fujisaki-Okamoto transform. In ML-KEM-1024 decapsulation, the constant-time ciphertex...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References6
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Set numsyncs to a limit to prevent excessively large allocations. The exec and vmbind ioctls allow userspace to specify an arbitrary value for numsyncs. Without bounds checking, a very large value of numsyncs can result i...

5.9AI score0.00166EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7468

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5CVSS6.7AI score0.00356EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.15 views

PT-2026-47181

Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario A user that has access to albatross-console either via the unix domain socket requires root:albatross by default or via albatross-tls-endpoint requires a...

7.1CVSS5.7AI score
Exploits0References2
euvd
euvd
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29105

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References3
nvd
nvd
added 2026/05/11 5:16 p.m.14 views

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS0.00167EPSS
Exploits0References2
cve
cve
added 2026/05/11 4:3 p.m.33 views

CVE-2026-33361

Affected software: Meari IoT SDK image handling (libmrplayer.so) as used in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (≤ 1.8.x). Vulnerability detail: baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key der...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/11 4:3 p.m.5 views

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/11 4:3 p.m.9 views

CVE-2026-33361 Meari weak XOR obfuscation

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/11 4:3 p.m.39 views

CVE-2026-33361 Meari weak XOR obfuscation

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS0.00167EPSS
Exploits0References2
Rows per page
Query Builder